Auto Downloading SCEP Definitions with PowerShell

By | 2016-07-08

I’ve been asked how to automate the download of fresh definitions for SCEP definitions in an enterprise environment, so here is an easy way to do it with PowerShell.

If you are utilizing System Center Endpoint Protection (SCEP) for client in your network, you have the option of having your clients pointed at a UNC share on the network to download definitions on a schedule. But you are still stuck with getting those definitions updated regularly.

Now you could simply open a browser, and download the definitions manually, saving the definition files. It’s easy enough, since the URLs are the same each week:

http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64
http://go.microsoft.com/fwlink/?LinkId=211054
http://go.microsoft.com/fwlink/?LinkId=197094

Each of those links will get you the files you need. You’ll simply have to save the files over the top of existing files to the file share where your clients pick up the new files. But already, you might be seeing the automation potential here. Since the URLs and filenames do not change, we can easily script this out with PowerShell, and then use Task Scheduler to grab the files for us.

The script is pretty straightforward. There are only 11 lines of actual code in it, and that’s because I tend to be a bit verbose in my coding. So here is a version of what I use to grab the SCEP definitions from Microsoft on a weekly basis:

# set paths

$IncomingPath="d:\scep\incoming\"

$WinDefx64Source = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64"
$WinDefx64Target = $IncomingPath + "mpam-fe.exe"

$MSAMx64Source = "http://go.microsoft.com/fwlink/?LinkId=211054"
$MSAMx64Target = $IncomingPath + "mpam-d.exe"

$SCEPDefx64Source = "http://go.microsoft.com/fwlink/?LinkId=197094"
$SCEPDefx64Target = $IncomingPath + "nis_full.exe"

# download

$wc = New-Object System.Net.WebClient
$wc.DownloadFile($WinDefx64Source, $WinDefx64Target)
$wc.DownloadFile($MSAMx64Source, $MSAMx64Target)
$wc.DownloadFile($SCEPDefx64Source, $SCEPDefx64Target)

There is nothing really magical going here, but I’ll step through it quickly, in the interest of completeness.

This first section sets up some paths in to variables. This includes a directory where the definitions are going to be saved, defined at the top of the script. Why? This is so I can change where the files go by changing one entry, rather than three entries.

Following that, the source URLs are each defined, along with the corresponding destination.

Next, a new .Net webclient object is instantiated. Leveraging .Net in PowerShell is a really good thing, and if you are not doing it, learn it now. It’ll save you a lot of re-inventing of stuff that already exists.

The last three lines of the script download each file with the webclient object, saving each one in turn.

Once you have this script tested and working, you can use the Windows Task Scheduler to run this script on, say, a weekly basis to automatically download the files. Nice, eh?

I mentioned earlier that this script could be accomplished in four lines, and here it is:

$wc = New-Object System.Net.WebClient
$wc.DownloadFile("http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64", "d:\scep\incoming\mpam-fe.exe")
$wc.DownloadFile("http://go.microsoft.com/fwlink/?LinkId=211054", "d:\scep\incoming\mpam-d.exe")
$wc.DownloadFile("http://go.microsoft.com/fwlink/?LinkId=197094", "d:\scep\incoming\nis_full.exe")

There you go. I hope someone finds this useful, and remember, automate all the things.

Author: dwirch

Derek Wirch is a seasoned IT professional with an impressive career dating back to 1986. He brings a wealth of knowledge and hands-on experience that is invaluable to those embarking on their journey in the tech industry.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.