Ok so this SCEP Update has been released some time ago, but i have seen and heard some confusion on how to get this Update installed properly into the ConfigMgr environments.


The KB2828233 update itself is a server update and you need to install it on your Primary Site servers as you do with the SP’s, CU’s and other Hotfixes.

What it will do on the server is that it will:

  • Install itself as an Update to Endpoint Protection to the local EP Client on the server.
  • Create a Server Update Package in ConfigMgr in the Packages folder “Configuration Manager Updates”.
  • A SCUP catalog folder will also be placed in the ConfigMgr install folder “.\Program Files\Configuration Manager\hotfix\KB2828233\SCUP” for those of you that use SCUP for updating your Site Servers.
  • Update the scepinstall.exe file in the ConfigMgr install folder “.\Program Files\Configuration Manager\Client” to version (Remember to right click your native “Configuration Manager Client Package” and update you Distribution Points)

Now… “Some of you are already thinking: I cant wait for the part of updating Endpoint Protection on the already in-place/installed clients!”
And here it comes:

Its actually quite the anti climax, because in KB2828233 there is no update for you clients… So forget about KB2828233, or actually not –wait up! Because there are a couple of ways to update SCEP on your clients by using KB2828233 alone:

  1. Manually update all your clients from the SCEP interface on your clients (If you only have 2 clients then thats ok – if you have more then 50 –> AVOID…)
  2. Change ConfigMgr Site Settings to “Upgrade client automatically when new client updates are available” (I wouldnt do this either).


But here comes the anti climax – there’s an update available from Windows Updates… buuhhuuu


You can go to your Software Updates section and go into All Software Updates and find KB2831316 which actually is the Update for your clients (And this is what i would recommend you to do at anytime!)


So to sum up – Install KB2828233 as a server update and update the native “Configuration Manager Client Package” for the coming client deployments.
And make sure KB2831316 is deployed to your active/in-place clients as a Windows Update via your normal Software Update process.

Now go be secure… Cheers