How can I prevent SCCM 2012 from pushing out the client to all my servers repeatedly? I have pulled them from the EndPoint protection collection but they continue to get dropped back in. I do not want EndPoint Protection installed on my servers. Thanks in advance for the help

• Moved by Steven_Lee0510Microsoft contingent staff 5 hours 37 minutes ago

Hi,

Due to this issue is more related to the SCCM, to get better help, please allow me to move it to the SCCM forum.

Thanks for your understanding!

Bit of translation and I think you are referring to the Enpoint Protection feature, not the entire SCCM agent.

If so you have to look at your Client policies under the "administrative" section of SCCM ... not necessarily a specific collection.  If your default client policy has Endpoint Protection enabled, every device that doesn't have an overriding policy will enable (and re-enable) endpoint protection.

Here's a longer term tip:  don't use the default client policy.  Generally leave it alone.  Instead, create policies that you DO assign to collections and set your custom client policies to those.  Quick example:  make two policies:  default workstations, and default servers.  Then assign those to two collections:  (a server and workstation collection).  Bam:  you can now safely enable features for one group of devices without impacting others (like user device affinity or endpoint protection).