What does the Membership Rules for Microsoft Forefront Endpoint Protection 2010 (FEP) in Microsoft System Center Configuration Manger 2007 (ConfigMgr) look like?

If you installed FEP 2010 and looked at the collections in ConfigMgr you’ll notice every collection under FEP Collections is locked and you can’t even view the Membership Rules Query.  This is normal and by design.  I guess Microsoft doesn’t want you messing with their carefully throughout, planned, and very specific membership rules for FEP.

screenshot.23

screenshot.24

 

Now you might be asking yourself what they look like.  I asked myself that same question.  I don’t plan on making any changes but I was just curious what they looked like.  After poking around in SQL I found the tables where the names of the collections are stored and where the queries are also stored.  Both tables are in the SMS_3DIGITSITECODE database if you kept the defaults (example SMS_AJR).  The first table is dbo.Collection_Rules.  It holds the CollectionID and QueryName.  That’s basically the same things as the collection name.  The second table is the dbo.Collection_Rules_SQL where the actual WQL and SQL language is.  They’re linked together by collection ID numbers but I made it more user friendly.  The results are below.

Excel 2007+ file:
FEP_Collection_Query_Language.xlsx

Tab delimited text file:
FEP_Collection_Query_Language.txt

After looking at the query language now I know why Microsoft locked them, so users can’t mess them up !

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s