Get the latest* SCEP 2012 R2 client easily without updating SCCM

[Updated 2015-03-03]

If you need to get hold of the latest System Center Endpoint Protection 2012 R2 client installer, normally you’d have to download the original installer from the Volume Licensing Center and install from that, then update using the latest cumulative update for SCCM – on your SCCM server – which is really annoying. However there’s a cheeky back-door method that I’ve found. It’s publicly available and I’ve read nothing that says you shouldn’t do it this way.

If you have SCEP installed already, then as of 3rd Feb 2015 when you do a Microsoft Update it will be updated to version 4.7.209.0 – and luckily the installer will be left behind in your SoftwareDistribution folder. Just go here on your updated PC as soon as it finishes installing: C:\Windows\SoftwareDistribution\Download\Install and there you should find the scepinstall.exe installer waiting for you.
If for some reason it’s not there all you need to do is look in your C:\Windows\WindowsUpdate.log file for scepinstall and you’ll find a line in the log where the update system downloaded the install from. It should look like this:

http://au.v4.download.windowsupdate.com/c/msdownload/update/software/crup/2015/02/scepinstall_230274d8b20bbe30fb94a287fd82670af0309ea4.exe

Much easier than it used to be, but still not as easy as it should be.


Here’s the old and much harder way if you’re a bit of a masochist and don’t want the newest version(!):

Basically the answer was to get the March 2014 anti-malware platform update from its KB article and keep extracting its nested contents until you get to the scepinstall.exe file.

Here’s a list of the steps we’ll go through:

  1. Download the ConfigMgrV5 component of KB2952678
  2. Extract the hotfix by double-clicking
  3. Extract the hotfix contents using /extract
  4. Extract the msi using msiexec /a cm12-sp1cu4-qfe-kb2952678-x64-enu.msi TARGETDIR=<path>
  5. Copy and use the scepinstall.exe file

And here’s the detail:

First the latest version of the client as of this post is 4.5.216.0 – and Microsoft are providing an updater for that on Microsoft Update. Unfortunately the updater is purely that, an updater, and does not include all the installation bits we need. However if you go to the KB article for this updater (KB2952678) then we can find a “Hotfix Download Available” button.

Click to get the Hotfix and choose only the item named ConfigMgrV5 with a fix name of ConfigMgr_2012_SP1_CU4_KB2952678_ENU. Do the usual and give it your email address and fill in the captcha. You’ll then get a link to get the update from. To save visitors time the url you’ll get follows:

http://hotfixv4.microsoft.com/ConfigMgrV5/sp1/ConfigMgr_2012_SP1_CU4_KB2952678_ENU/05.00.7804.1508/free/474251_ENU_x64_zip.exe

We now need to extract this 3 times to get to what we want!

Run the .exe file to extract its contents somewhere. You’ll end up with a 26MB file called CM12-SP1CU4-QFE-KB2952678-X64-ENU.exe – we now need to extract this too. Run this in an admin command-prompt using the /extract switch, eg.:

CM12-SP1CU4-QFE-KB2952678-X64-ENU.exe /extract

You’ll be prompted for a place to put it, give the extracter an empty folder somewhere. Now you have a folder with the contents of this supposed ‘hotfix’. The magic we are looking for is buried inside the .msi file that’ll be in the root of the folder… cm12-sp1cu4-qfe-kb2952678-x64-enu.msi

Finally, we have to extract this msi. You might be able to use a universal extract to explode it, but it’s easier to just turn it into an administrative installation point, thusly, from an admin command-prompt:

msiexec /a cm12-sp1cu4-qfe-kb2952678-x64-enu.msi TARGETDIR="<full path to an existing empty folder>"

So, now you have an administrative installation point for the hotfix… and if we have a look inside we see the final target, scepinstall.exe

It’ll have the version we want (4.5.216.0) and can be used on 32-bit and 64-bit machine types. Copy that somewhere then tidy up all the bits we had to extract to get to it and you’re done.

Hope that helps.

* Of course this was the latest version available as of the date of this post, so there might be a newer update out there when you read this – it’s up to you to find it and apply this method.

A way to run a 64-bit process from a 32-bit script (like add a registry key)

Say you have a need to add a registry key into the 64-bit registry hive but you’re stuck with doing it from a vbscript running in a 32-bit process. For example SCCM always runs vbscript in a 32-bit process, even on a 64-bit Windows machine! If you try this normally Windows 7 64-bit will redirect the key to the virtual 32-bit hive. So running in a 32-bit process if we want to add a key to HKLM\Software\ you will find it will always end up in HKLM\Software\Wow6432Node\ no matter what you do.

I couldn’t find a way to do it directly using vbscript in the short time I spent looking into it, but I did find a sneaky indirect way. My method is to execute a command to add a scheduled task into Windows that will do it for you!

I’ve written a bit of vbscript which will create a run-once self-deleting scheduled task that can be used to run a command such as REG ADD which will be running as a 64-bit process, assuming you use it on Windows x64. The only thing you need to have is admin rights, the rest will happen automatically.

You could use it for all sorts of things, like getting access to an area of the OS that needs LOCAL SYSTEM rights for example. You must remember though it’s just for firing off a command that you don’t need a response from. You need to test whatever you fire-off because you can’t check what you’ve done from within the script!

Click here to see my function on pastebin

To use the vbscript function you need to call the CreateJob() function and pass it the command that you want to run. For example if we call the following…

CreateJob("REG ADD HKLM\Software\64BitKey /v 64BitValue /d 64BitData /f")

…then my function will create a scheduled task that runs the command between the quotes 1 minute after it is created. Once the task completes it will then delete itself automatically, whether it succeeds or fails. The command in my example will create a registry key HKLM\Software\64BitKey with a new REG_SZ value 64BitValue which has the string data 64BitData.

I’ve commented the code as best I can. Basically the scheduled task that is created will have a unique name every time due the use of a guid string for the name. The task will work on XP, Vista and Windows 7, and on 32-bit or 64-bit, but it will always be in ‘XP mode’ so that it will delete itself after it is executed.

Here’s a slightly generic example of use:

Adding a registry key HKLM\Software\RegKey with KeyName that has a DWORD value of 000000FF:
CreateJob("REG ADD HKLM\Software\RegKey /v KeyName /t REG_DWORD /d 0xFF /f")
Notice here the use of 0xFF to specify the hex value, and the /f switch to force the key to add. If we don’t use /f and the value is already there then the command will perpetually wait for a response.

Here are some screenshots proving it works…

1. running the script in an Admin CMD prompt running in 32-bit mode on a 64-bit machine

2. proving the script is running as a 32-bit process

3. showing the scheduled task about to run

4. and finally the registry key after it has been created, definitely in the 64-bit hive!

For more info about the REG ADD command either go here, try typing reg add /? in the command-line, or you could Google it.

The right way to do my precise example is use WMI as mentioned here but my way is more flexible because you can do other stuff like run apps in a 64-bit process as well…

Anyway, here’s my function. Have fun with it, and don’t forget, you’re running as the SYSTEM account when you use this, so please be careful!


Function CreateJob(strCommand)
    Const SHELL_WAIT = True
    Const SHELL_HIDE = 0
    CreateJob = False
    ' Get date & time 1 minute in advance
    ' And it must be at least 1 minute
    ' Source: w3schools, & mikeblas on hardforum.com
    Dim strDateTime : strDateTime = DateAdd("n", 1, Now())
    Dim strDate     : strDate = LEFT(strDateTime, InStr(strDateTime, " ")-1)
    Dim strTime     : strTime = MID(strDateTime, InStr(strDateTime, " ")+1)

    ' define the command we will run to create the once-only scheduled task
    ' uses a new guid for the name each time so it will be a unique task
    Dim strJobCmd   : strJobCmd = "schtasks.exe /Create /TN " & _
        getGuid & " /RU SYSTEM /ST " & _
        strTime & " /SD " & _
        strDate & " /SC ONCE /TR """ & _
        strCommand & """"
        ' on Vista/Win7 must create task as XP-readable type using /V1
        ' this is so it will delete itself propely (bug in schtasks) using /Z
        If onVistaWin7 Then strJobCmd = strJobCmd & " /Z /V1"
    WScript.echo strJobCmd
    Dim oJobShell : Set oJobShell = CreateObject("WScript.Shell")
    Dim jobRet : jobRet = oJobShell.Run(strJobCmd, SHELL_HIDE, SHELL_WAIT)
    If jobRet = 0 Then CreateJob = True
    ' here we tried to make the task and get the result to a variable
    ' if the return is non-zero then the creation of the task errored
    Set oJobShell = Nothing
End Function

Function getGuid
    ' this functions gets a unique guid and returns it as a string
    Dim TypeLib : Set TypeLib = CreateObject("Scriptlet.TypeLib")
    getGuid = Left(CStr(TypeLib.Guid),38)
    ' above line also removes some strageness at the end
    Set TypeLib = Nothing
End Function

Function onVistaWin7
    ' this function returns true on Vista or above (incl. Srv2008)
    Dim colOSver, objOSver
    onVistaWin7 = False
    Set colOSver = GetObject("WinMgmts:root\cimv2").ExecQuery _
        ("Select Version from Win32_OperatingSystem")
    For Each objOSver In colOSver
        If Left(objOSver.Version,1) >= 6 Then onVistaWin7 = True
    Next
    Set colOSver = Nothing
End Function