About Preconfigured Policy Templates

Applies To: Forefront Endpoint Protection

You can maintain consistent configuration settings for multiple endpoints by applying policies. Preconfigured policy templates can help you create policies that contain optimized settings, defined by technology. You can also apply preconfigured policy templates locally to endpoints. There are two different download packages available. FEPServerRolePoliciesForUseWithConfigMgrUI.exe contains policy templates for use with FEP on Configuration Manager. FEPServerRolePoliciesForUseWithGPO.exe contains policy templates that can be used to configure policy settings locally on endpoints, deployed via script, or imported into Group Policy.

Policy templates are in XML format and contain configuration settings that are optimized for endpoints running specific technologies. Preconfigured policy templates are included in the installation of FEP on Configuration Manager. Periodically, preconfigured policy templates may be updated and new templates may be provided. The latest versions of the preconfigured FEP policy templates are available for download from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=207730).


In order to work with the updated preconfigured policy templates by using FEP running on Configuration Manager, you must first extract the policy files to the %programfiles%\Microsoft Forefront\Policytemplates folder. After extracting the templates, you can then create policies based on the template settings by using the New Policy Wizard in the Configuration Manager console. It is important to note that when a policy is created based on a preconfigured policy template, the policy does not automatically receive updated settings when a new version of the policy template is extracted to the Policytemplates folder.

After downloading the policy template package that applies to your FEP environment and extracting the files to their proper location, you can then select the appropriate policy template that corresponds to the technology running on the endpoint. Each template contains different configuration settings. For this reason, it is important that you select the policy template that contains the policy settings that you want to apply. If you apply the settings contained in a policy template to an endpoint for which those settings were not intended, you may make configuration changes that will affect the performance of that endpoint.

To view specific policy template settings, you can right-click the .xml file that you want to view, and then click Edit. Be careful not to edit the template file. Editing the preconfigured policy template files directly is not supported. Instead, you can create a policy based on the template by using Configuration Manager or by using the Group Policy Tool. For information about creating new FEP policies by using templates in Configuration Manager, see Creating a Policy. For information about creating new FEP policies from policy templates using the FEP Group Policy Tool, see Converting FEP Policies to Group Policy.

Preconfigured policy templates are available for endpoints running the following technologies.


Microsoft SQL Server 2005

Microsoft SQL Server 2008

Internet Information Services (IIS) 6
Internet Information Services (IIS) 7

System Center Configuration Manager 2007
System Center Configuration Manager 2007 R2

Microsoft Exchange Server 2007
Microsoft Exchange Server 2010

Microsoft Forefront Protection 2010 for Exchange Server (FPE)

Microsoft Office SharePoint® Server 2007
Microsoft SharePoint 2010

Microsoft Forefront Protection 2010 for SharePoint (FPSP)

Domain Controller
Active Directory Domain Services

Microsoft Hyper-V™ (host)

Terminal Services

DNS Server

DHCP Server

File Services

Microsoft Forefront Security for Exchange Server

System Center Operations Manager 2007

Microsoft Forefront Threat Management Gateway

Microsoft Lync 2010

Server (FEP-recommended default policy settings for servers)