Merging Settings from Multiple Policy Files

Applies To: Forefront Endpoint Protection

You can merge policy settings from one or more FEP policies into a single Group Policy object (GPO). This is helpful when you have settings contained in multiple FEP policies and you would like to combine those policy settings in order to configure clients by using Group Policy. In order to merge FEP policies to a single GPO, you must use the Forefront Endpoint Protection Group Policy Tool. For information about how to obtain and extract this tool, see Converting FEP Policies to Group Policy.


When you merge multiple policies to a single GPO, the order in which you merge the policies will affect the outcome of the effective policy. In other words, if you merge three policies that contain conflicting settings for a particular feature, the settings in the last policy that you merge will overwrite any conflicting settings that are already merged or contained in the GPO.

Merging FEP policy settings from multiple FEP policy files into a GPO

  1. Double-click fep2010gptool.exe to open the Forefront Endpoint Protection Group Policy Tool.

  2. On the Import tab, select the Domain and the name of the GPO in that domain that you want to populate with preconfigured FEP policy settings.

  3. Click Select Policy File. Locate and select the .xml policy file that contains the settings that you want to import to GPO.


    Verify that the .xml policies files were not obtained as part of the FEPServerRolePoliciesForUseWithConfigMgrUI.exe downloaded package. Merging the preconfigured policy files created for Configuration Manager is not supported.

  4. If this is the first policy that you are merging and there are no FEP policy settings that you want to retain that already exist in the selected GPO, select the Clear existing Forefront Endpoint Protection settings before import check box.

    By selecting this check box, all of the FEP policy settings are cleared in the target GPO. Clearing all of the previous policy settings ensures that only the FEP settings that are contained in this policy will be present in the target GPO settings. However, if this is not the first policy that you have merged to the selected GPO and you want to retain the existing settings contained in that GPO, ensure that the check box is not selected. Selecting the check box will clear any previously configured FEP policy settings that are contained in that GPO.


    Merging policy settings by using the Forefront Endpoint Protection Group Policy Tool does not affect or impact the source FEP policy file.

  5. Click Apply to merge the policy settings to the GPO.

  6. Repeat the previous step in order to merge additional settings contained in FEP policies to the selected GPO.