Auto Downloading SCEP Definitions with PowerShell

Posted On 2016-07-08 by dwirch
Tags: Powershell Scripting Windows
Views: 1406

I've been asked how to automate the download of fresh definitions for SCEP definitions in an enterprise environment, so here is an easy way to do it with PowerShell.

If you are utilizing System Center Endpoint Protection (SCEP) for client in your network, you have the option of having your clients pointed at a UNC share on the network to download definitions on a schedule. But you are still stuck with getting those definitions updated regularly.

Now you could simply open a browser, and download the definitions manually, saving the definition files. It's easy enough, since the URLs are the same each week:

Each of those links will get you the files you need. You'll simply have to save the files over the top of existing files to the file share where your clients pick up the new files. But already, you might be seeing the automation potential here. Since the URLs and filenames do not change, we can easily script this out with PowerShell, and then use Task Scheduler to grab the files for us.

The script is pretty straightforward. There are only 11 lines of actual code in it, and that's because I tend to be a bit verbose in my coding. So here is a version of what I use to grab the SCEP definitions from Microsoft on a weekly basis:

# set paths


$WinDefx64Source = ""
$WinDefx64Target = $IncomingPath + "mpam-fe.exe"

$MSAMx64Source = ""
$MSAMx64Target = $IncomingPath + "mpam-d.exe"

$SCEPDefx64Source = ""
$SCEPDefx64Target = $IncomingPath + "nis_full.exe"

# download

$wc = New-Object System.Net.WebClient
$wc.DownloadFile($WinDefx64Source, $WinDefx64Target)
$wc.DownloadFile($MSAMx64Source, $MSAMx64Target)
$wc.DownloadFile($SCEPDefx64Source, $SCEPDefx64Target)

There is nothing really magical going here, but I'll step through it quickly, in the interest of completeness.

This first section sets up some paths in to variables. This includes a directory where the definitions are going to be saved, defined at the top of the script. Why? This is so I can change where the files go by changing one entry, rather than three entries.

Following that, the source URLs are each defined, along with the corresponding destination.

Next, a new .Net webclient object is instantiated. Leveraging .Net in PowerShell is a really good thing, and if you are not doing it, learn it now. It'll save you a lot of re-inventing of stuff that already exists.

The last three lines of the script download each file with the webclient object, saving each one in turn.

Once you have this script tested and working, you can use the Windows Task Scheduler to run this script on, say, a weekly basis to automatically download the files. Nice, eh?

I mentioned earlier that this script could be accomplished in four lines, and here it is:

$wc = New-Object System.Net.WebClient
$wc.DownloadFile("", "d:\scep\incoming\mpam-fe.exe")
$wc.DownloadFile("", "d:\scep\incoming\mpam-d.exe")
$wc.DownloadFile("", "d:\scep\incoming\nis_full.exe")

There you go. I hope someone finds this useful, and remember, automate all the things.

About the Author

has posted a total of 190 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links