Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


May 2007

Forefront Client Security

Microsoft goes all out with this technology-heavy product
From the May 2007 Edition
of Windows IT Pro
Jeff Fellinge
Feature
InstantDoc #95504
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Products / Software Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

You'll notice two new programs: Forefront Client Security, which is the actual client installed on the Forefront Client Security server, and Forefront Client Security Console, which is your primary interface for managing the application. Launching the Console for the first time invokes a wizard that takes you through the rest of the configuration.

When configuration is complete, you'll see the Forefront Client Security management console, which Figure 1 shows. The console shows the status of the computers in your environment. On the Dashboard tab, you can immediately assess your security state, including seeing how many computers you're currently managing and their status, such as whether they have malware or vulnerabilities, whether their policies are out of date, and whether any alerts have been generated. You can access rich reports from the right side of the console, including summaries of alerts, malware, and security state.

Creating a policy. After you install the server components, you need to create a policy to define how to protect clients and to schedule scans and definition updates. It's best to create this policy before you deploy the agent software, so the agents will use your policy right away and not the default policy, which might schedule scans at a frequency and coverage level that doesn't suit the needs of your business.

You can create separate policies for servers and workstations, each with its own scan schedule and configuration. From the management console, click the Policy Management tab and select New. Enter a name for the policy and click the Protection tab, which Figure 2 shows. Here you define how Forefront Client Security should protect clients. I really like how Microsoft implemented the scheduling options. For example, you can schedule a full malware scan to occur every week and schedule quick scans, which check the registry and common locations where malware is often installed, to occur every few hours. You can also schedule a security state assessment scan, which differs from a malware scan in that it checks for missing updates and common security misconfigurations.

Options on the Advanced tab let you configure how to handle quarantined files and exclude certain files or folders from scans. You can also tweak your users' privileges on the client. For example, you can allow users to enable or disable virus or malware protection, and you can specify whether users can schedule their own scans. You can even let users respond to prompts, or you can choose to limit that privilege to administrators.

After you've created your policy, you must deploy it. Forefront Client Security lets you assign policies to organizational units (OUs) and security groups and configure a policy for implementation via a registry (.reg) file that runs directly on a client.

Installing the client software. The Forefront Client Security agent software can be installed on Windows 2003 R2, Windows 2003 SP1, Windows XP SP2, or Windows 2000 SP4 systems that have all security updates installed. All other antivirus and antispyware software must be uninstalled. You must also install Windows Update Agent 2.0 and Windows Installer 3.1 on XP and Win2K systems before you install the client. This requirement might complicate your deployment plans a bit.

To install the client software, copy the contents of the Client directory from the Forefront Client Security CD-ROM to the client computer. The setup program will install the MOM client installation program and the Forefront Client Security agent. Run ClientSetup.exe, using the /MS parameter to specify the name of the MOM management server and the /CG parameter to specify the name of the MOM configuration group. If you wanted to install the Forefront Client Security server components on a single server named mfcs.security.local, for example, you would run the following ClientSetup command: 

ClientSetup.exe 
  /MS mfcs.security.local 
  /CG ForefrontClientSecurity

Next, you must approve the client installation in the MOM console. (Alternatively, you can wait an hour, which is the default time for all pending installations to be automatically approved.) On the server where you installed the MOM console, click Start, All Programs, and launch the MOM 2005 Administrator Console. In the console's left pane, navigate to Administration, Computers, Pending Actions. In the right pane, right-click the name of the client computer and approve the manual installation. You can create your own logon script or use Microsoft Systems Management Server (SMS) or a third-party software management program such as LANDesk Software's LANDesk Management Suite to deploy clients, but you must create your own deployment package.

Make sure your clients are configured to pull their updates from the Forefront Client Security WSUS server so they'll receive the Forefront Client Security malware definitions. In addition to conducting on-demand and scheduled scans for malicious software, the Forefront Client Security client agent assesses the security configuration of the host computer. Configuration checks that the client agent can do include ensuring that Automatic Updates is enabled; checking whether anonymous connections are restricted or whether autologon is enabled; enumerating administrators groups; examining password expiration parameters; checking that NTFS is used; confirming that the guest account is disabled; identifying whether any "unnecessary services" are installed, such as WWW, FTP, SMTP or Telnet; and validating that security updates are applied. The client reports alerts to the Forefront Client Security server, where you can view the status of all your systems from a single console.

Navigating the Client
After you install the agent, log on to the client; navigate to All Programs, Microsoft Forefront; and run Forefront Client Security. Use the buttons at the top of the client interface to start a quick scan or a full scan, or to start a custom scan, which lets you select specific drives or folders to scan. The History button lets you review past actions, such as which suspicious items you've allowed to run and which have been quarantined. The Tools menu lets you review the quarantined-items list and set program options such as when to automatically scan a computer and how to handle alerts.

   Previous  1  [2]  3  Next 


Learning Path To learn more about Microsoft Forefront Client Security
"Microsoft Security Comes to the Forefront"

"Forefront: Safety Belts for Windows"


Microsoft Resources
"Microsoft Forefront Client Security"

"Microsoft Forefront Client Security Technical Library"
Top Viewed ArticlesView all articles
WinInfo Short Takes: Week of November 9, 2009

An often irreverent look at some of the week's other news, including some more Windows 7 sales momentum, some Sophos stupidity, Microsoft's cloud computing self-loathing, more whining from the browser makers, Zoho's "Fake Office," and much, much more ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

Windows 7 Sets Sales Record

Microsoft CEO Steve Ballmer described Windows 7's first ten days of sales as "fantastic" while in Japan yesterday. ...
Related Articles Microsoft Forefront Security for Exchange Server
Security Whitepapers Reducing the Costs and Risks of Branch Office Data Protection

Solving Desktop Management Challenges in Healthcare

Solving Desktop Management Challenges in Education
Related Events WinConnections and Microsoft® Exchange Connections

Deep Dive into Windows Server 2008 R2 presented by John Savill

Introduction to Identity Lifecycle Manager "2"

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format


ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
EMC SAN vs. DAS Exchange 2007 Calculator
Calculate your savings now!

Let Your Users Reset Their Own Passwords: Free Download
Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.


Disaster Recovery Strategies – Tips and Tricks
Determine how you can achieve your DR objectives as simply and cost-effectively as possible.

Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide
Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!

Migration, Virtualization, Availability, and Desktop Management
Realize the importance of a workload optimization strategy...it can affect your bottom line!

Deep Dive into VMware vSphere, eLearning Series
Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement