
Microsoft Forefront Client Security Deployment Module User Guide

Published: June 2008
Version: 1.00 (Build 1007)
Written by: Yaniv Feldman (yaniv@dbnet.co.il)

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Excel, Forefront, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Contents
Introduction
Installation
    Pre-Requisites for FCS Deployment Tool
    Pre-Requisites for Client Deployment
    Installation Procedure
User Interface
    Microsoft FCS Deployment Start-up screen
    Configure Deployment Options
        Client Installation Shares
        Installation Account Settings
        Simultaneous Installation Threads
        Collection Server
        Management Group
    Import Computers
        Import Computers Wizard
        Select Computers from the network
        Select Active Directory Organizational Unit
        Select Computers from Active Directory
    FCS Deployment Tool console After computers import
FCS Deployment additional information

Introduction
Forefront Client Security (FCS) is an anti-malware application developed by Microsoft, and it is currently in its first version. Read this guide if you want to deploy FCS (Forefront Client Security) using the FCS Deployment tool.

For more detailed information about Client Security deployment and features, see the Client Security Deployment Guide (http://go.microsoft.com/fwlink/?LinkId=86998) and the Client Security Administrator's Guide (http://go.microsoft.com/fwlink/?LinkId=86997).

This User Guide provides a brief introduction to the Forefront Client Security Deployment tool, including an overview of the user interface and high-level features, and links to other resources for getting help with the product.

The Forefront Client Security Deployment Tool is a free toolkit that is meant to provide deployment capabilities in addition to those that are available with the original FCS product. This utility gives network and security administrators the ability to scan their network and/or AD, discover existing solutions that are already installed on their clients, uninstall the existing solution and install the FCS Client, all in one.

This tool is a free utility and was not developed by Microsoft. It is not supported by Microsoft in any way.

Installation
Pre-Requisites for FCS Deployment Tool
The following pre-requisites must exist on the computer where you want to run the FCS Deployment Tool:
1. Forefront Client Security Server Infrastructure deployed and functioning.
2. .NET Framework 2.0
3. .NET Framework 3.0

In addition to those pre-requisites, you should make sure you also have the following available before starting the deployment operation:
1. Shared directory with 32bit FCS Client Installation files.
2. Shared directory with 64bit FCS Client Installation files.
3. User with administrative privileges on all designated deployment targets (computers).

Pre-Requisites for Client Deployment


1. Make sure the Client Pre-Requisites exist on all designated deployment targets (the deployment tool only installs the XP mini-filter in case it is missing):
   a. Windows Vista: No Pre-Requisites.
   b. Windows XP: Service Pack 2 and above, Windows Update Agent 2.0, Windows Installer 3.1
   c. Windows 2000: Service Pack 4 and above, GDI+ Hotfix, Windows Update Agent 2.0, Windows Installer 3.1
2. Disable all Client removal protection - This means that you must disable all password protection or enforcement features on your current Anti-Virus Solution before you will be able to use the deployment tool.
3. Connectivity - The FCS Deployment Tool uses RPC and NetBIOS to deploy the FCS Client Agents. Therefore it needs ports 135, 137 and 139. Our recommendation is to disable the client firewall on the deployment targets until the deployment is finished.

Installation Procedure
Extract the Zip file into a specified folder on the management server and click Microsoft.FSC.deployment.exe to activate the tool.

User Interface
The FCS Deployment tool's user interface is provided as a single wizard-guided console.

Microsoft FCS Deployment Start-up screen

This screen is the FCS Client Deployment default start-up screen. In order to begin the deployment process, you should click the "Configure Deployment Options" button on the upper left corner of the screen.

Configure Deployment Options

Client Installation Shares


32bit Client - this text box should contain the full path (UNC Share) to the directory that contains the bits for the 32bit client of FCS. The directory should contain the following files: clientsetup.exe, mp_ambits.msi, fcsssa.msi, momagent.msi and a localized version of KB914882 (XP mini-filter hotfix).

64bit Client - this text box should contain the full path (UNC Share) to the directory that contains the bits for the 64bit client of FCS. The directory should contain the following files: clientsetup.exe, mp_ambits.msi, fcsssa.msi, momagent.msi and a localized version of KB914882 (XP mini-filter hotfix).

Note: usually, the 64bit folder will be located under the 32bit share and will be called x64 (this is the case if you copy the client folder from the FCS media into a local folder and share it).
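A pre-flight check for the two requirements above that most often stop a deployment: the file list each client share must contain, and the RPC/NetBIOS connectivity named under "Pre-Requisites for Client Deployment". This is an added example, not part of the original guide or of the FCS Deployment Tool; the share path, the host names and the `*914882*` file-name pattern are assumptions.

```powershell
# Added example: pre-flight check to run before starting a deployment.
# Share paths and host names are placeholders (assumptions), not from the guide.
$Share32 = '\\mgmt01.example.local\FCSClient'                 # hypothetical 32bit share
$Share64 = Join-Path $Share32 'x64'                            # usual layout per the note
$Targets = 'pc-001.example.local', 'pc-002.example.local'      # hypothetical targets

# Files the guide lists for each client share. The localized KB914882 hotfix is
# matched by number because its file name varies (the pattern is an assumption).
$RequiredFiles = 'clientsetup.exe', 'mp_ambits.msi', 'fcsssa.msi', 'momagent.msi'

function Test-ClientShare {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return 'share not reachable'
    }
    $missing = @($RequiredFiles | Where-Object {
        -not (Test-Path -LiteralPath (Join-Path $Path $_) -PathType Leaf)
    })
    if (-not (Get-ChildItem -LiteralPath $Path -Filter '*914882*')) {
        $missing += 'KB914882 hotfix not found'
    }
    return $missing
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)    # throws if the connection was refused
        return $true
    } catch { return $false } finally { $client.Close() }
}

foreach ($share in $Share32, $Share64) {
    $problems = @(Test-ClientShare -Path $share)
    if ($problems.Count) { Write-Warning "${share}: $($problems -join ', ')" }
    else { Write-Output "${share}: all required files present" }
}

# 135 (RPC endpoint mapper) and 139 (NetBIOS session) are TCP. 137 is the UDP
# NetBIOS name service, so a TCP connect cannot confirm it.
foreach ($t in $Targets) {
    foreach ($port in 135, 139) {
        $state = if (Test-TcpPort -ComputerName $t -Port $port) { 'open' } else { 'blocked or offline' }
        Write-Output ("{0,-24} tcp/{1,-3} {2}" -f $t, $port, $state)
    }
}
```

Run it on the management server under the installation account, so that the share check exercises the same permissions the deployment will use.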

Installation Account Settings


Username - this text box should contain a username (in the format of DOMAIN\Username) of a user that has administrative privileges on the target machines.

Password - this text box should contain the password of the installation user account.

Simultaneous Installation Threads


This text box allows you to determine the number of processes that will run simultaneously in the deployment process. The number of processes is limited to 50 threads in order to maintain network and server stability. When you select the number of threads you wish to run in parallel and deploy to a larger group of target machines, the process creates a queue for the rest of the computers and starts the deployment process on the next machine in the list as soon as the first one is over (FIFO).

Collection Server
This field should contain the FQDN (fully qualified domain name) of the collection server that you wish the FCS client to report to.

Note: in case you have a one-server topology, this will also be the management server. In case you have a topology with more than one server, make sure you write the name of the collection server and not the management server.

Management Group
This field should contain the management group name. By default, the MG name should be "ForefrontClientSecurity", unless it was changed when you installed the FCS server.

Import Computers

Import Computers Wizard


This wizard gives you 3 options for selecting your deployment targets:
- Select Computers from the network - this option tells FCS to scan your network neighborhood and gives you a list of the computers found to choose from.
- Select all computers from an Active Directory Organizational Unit - this option gives you a choice of Active Directory OUs to choose from. Once you have chosen a specific OU, all computer accounts within it will be selected as deployment targets.
- Select specific computers from Active Directory - this option allows you to choose specific computers by searching for computer accounts in Active Directory.

After selecting an option, click next to move to the next phase of the wizard.

Select Computers from the network


On the right side of the window, you can find the list of computers that have been detected from your network neighborhood. On the left side of the window, you can find the list of deployment targets.
- Select computers from the right list and click the "add" button in order to make the selected computers part of the deployment target list.
- Select computers from the left list and click the "remove" button in order to remove the selected computers from the deployment target list.
- Once finished selecting deployment targets, click the finish button in order to begin importing the list of computers to the FCS Client deployment console.

Select Active Directory Organizational Unit


In this window, you can choose a specific Organizational Unit from the local Active Directory Domain. After selecting an OU, click finish and all the computer accounts within the selected OU will be imported to the FCS client deployment console as deployment targets.

Select Computers from Active Directory


This window allows you to search for computer accounts by name in Active Directory, and add them to the deployment target list in the FCS client deployment console. You have two options for selecting the computer account:
- Type the selected computer name and click the "check names" button. Repeat this process until all selected computers have been added.
- Click the advanced button, and then click search. From the list that opens, select the computer accounts that you wish to deploy the FCS client on, and click OK.

FCS Deployment Tool console After computers import



At this stage, the screen again shows the list of target machines with their status, but now the Deploy, Stop and Reset deployment operations are available.

In case you receive a message of an offline host, check the firewall settings on the host computer to see if it allows RPC and WMI communications. The simplest way to troubleshoot this is to turn the firewall off to see if that has an effect on the status checking process.

Deploy - this button begins a deployment operation that includes the following stages:
1. Connecting to the target machine.
2. Uninstalling the existing antivirus solution.
3. Installing Forefront Client Security Client Agents on the target machine.

Stop - this button stops the deployment operation. Once the operation is stopped, it cannot be resumed, and a new operation has to be started. When you click the stop button, the deployment process will not stop immediately, but will only clear the remaining target machines in the queue. It will still try to finish the deployment process currently running on some machines.

Reset deployment Operation - this button resets the deployment operation and clears all target deployment machines from memory. This button returns you to the initial screen of the client deployment tab.

FCS Deployment additional information


Client Security is designed to protect computers running the Windows Vista, Microsoft Windows Server 2003, Windows 2000 Server, Windows XP and Windows Server 2008 operating systems. For more information, see Client Security System Requirements (http://go.microsoft.com/fwlink/?LinkID=77561).

Your topology decision should be based on several factors, including the number of clients in your environment, your hardware budget, and reporting requirements. Before you install Client Security, it is highly recommended that you read the Client Security Planning and Architecture Guide (http://go.microsoft.com/fwlink/?LinkId=87275). The Planning and Architecture Guide contains detailed information that can help you make your deployment decisions.

Before installing Client Security server components, you should verify that the appropriate network ports are open on any server firewall. In some cases, firewalls between Client Security servers should be disabled. For details about preparing for and deploying Client Security, see the Client Security Deployment Guide (http://go.microsoft.com/fwlink/?LinkId=86998).