Symptoms:
When you use the Forefront Endpoint Protection (FEP) 2010 Group Policy Tool to import a policy file that was exported from System Center 2012 Endpoint Protection, it will fail with a screenshot similar to the following :
Cause:
The XML namespace is missing and a couple of registry value types have changed in System Center 2012 Endpoint Protection, which results in the error.
Resolution:
- Perform the following changes manually
- Add "xmlns="http://forefront.microsoft.com/FEP/2010/01/PolicyData"" in the "SecurityPolicy" section of the policy file.
- Open the policy file, in the “AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Signature Updates"” section, replace “FallbackOrder” type “REG_DWORD” with “REG_SZ”.
- Open the policy file, in the “AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Signature Updates"” section, replace “DefinitionUpdateFileSharesSources” type “REG_DWORD” with “REG_SZ”.
- Automate the changes by using the script in the Script section
You can use the script in the Script section to make the changes to the policy file. You can also write a Java script tool to automate the script. For example, you can name the script in the Script section FepGPFileCorrector.js, and then use a command such as the following:
cscript.exe FepGPFileCorrector.js <originpolicyfile>.xml
Where, originpolicyfile is the exported System Center 2012 Endpoint Protection policy file. Currently, the following is supported:
- Full path of local xml file. For example, c:\test\output.xml
- Full path of network share file. For example, \\atc-dist-01\test\output.xml
- File located under the folder that script tool is running.
The target/output policy file is named Converted-<originpolicyfile>.xml.
Read the full post Via http://blogs.technet.com/b/configmgrteam/archive/2012/02.aspx