Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


May 2007

Forefront Client Security

Microsoft goes all out with this technology-heavy product
From the May 2007 Edition
of Windows IT Pro
Jeff Fellinge
Feature
InstantDoc #95504
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Products / Software Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

You'll notice two new programs: Forefront Client Security, which is the actual client installed on the Forefront Client Security server, and Forefront Client Security Console, which is your primary interface for managing the application. Launching the Console for the first time invokes a wizard that takes you through the rest of the configuration.

When configuration is complete, you'll see the Forefront Client Security management console, which Figure 1 shows. The console shows the status of the computers in your environment. On the Dashboard tab, you can immediately assess your security state, including seeing how many computers you're currently managing and their status, such as whether they have malware or vulnerabilities, whether their policies are out of date, and whether any alerts have been generated. You can access rich reports from the right side of the console, including summaries of alerts, malware, and security state.

Creating a policy. After you install the server components, you need to create a policy to define how to protect clients and to schedule scans and definition updates. It's best to create this policy before you deploy the agent software, so the agents will use your policy right away and not the default policy, which might schedule scans at a frequency and coverage level that doesn't suit the needs of your business.

You can create separate policies for servers and workstations, each with its own scan schedule and configuration. From the management console, click the Policy Management tab and select New. Enter a name for the policy and click the Protection tab, which Figure 2 shows. Here you define how Forefront Client Security should protect clients. I really like how Microsoft implemented the scheduling options. For example, you can schedule a full malware scan to occur every week and schedule quick scans, which check the registry and common locations where malware is often installed, to occur every few hours. You can also schedule a security state assessment scan, which differs from a malware scan in that it checks for missing updates and common security misconfigurations.

Options on the Advanced tab let you configure how to handle quarantined files and exclude certain files or folders from scans. You can also tweak your users' privileges on the client. For example, you can allow users to enable or disable virus or malware protection, and you can specify whether users can schedule their own scans. You can even let users respond to prompts, or you can choose to limit that privilege to administrators.

After you've created your policy, you must deploy it. Forefront Client Security lets you assign policies to organizational units (OUs) and security groups and configure a policy for implementation via a registry (.reg) file that runs directly on a client.

Installing the client software. The Forefront Client Security agent software can be installed on Windows 2003 R2, Windows 2003 SP1, Windows XP SP2, or Windows 2000 SP4 systems that have all security updates installed. All other antivirus and antispyware software must be uninstalled. You must also install Windows Update Agent 2.0 and Windows Installer 3.1 on XP and Win2K systems before you install the client. This requirement might complicate your deployment plans a bit.

To install the client software, copy the contents of the Client directory from the Forefront Client Security CD-ROM to the client computer. The setup program will install the MOM client installation program and the Forefront Client Security agent. Run ClientSetup.exe, using the /MS parameter to specify the name of the MOM management server and the /CG parameter to specify the name of the MOM configuration group. If you wanted to install the Forefront Client Security server components on a single server named mfcs.security.local, for example, you would run the following ClientSetup command: 

ClientSetup.exe 
  /MS mfcs.security.local 
  /CG ForefrontClientSecurity

Next, you must approve the client installation in the MOM console. (Alternatively, you can wait an hour, which is the default time for all pending installations to be automatically approved.) On the server where you installed the MOM console, click Start, All Programs, and launch the MOM 2005 Administrator Console. In the console's left pane, navigate to Administration, Computers, Pending Actions. In the right pane, right-click the name of the client computer and approve the manual installation. You can create your own logon script or use Microsoft Systems Management Server (SMS) or a third-party software management program such as LANDesk Software's LANDesk Management Suite to deploy clients, but you must create your own deployment package.

Make sure your clients are configured to pull their updates from the Forefront Client Security WSUS server so they'll receive the Forefront Client Security malware definitions. In addition to conducting on-demand and scheduled scans for malicious software, the Forefront Client Security client agent assesses the security configuration of the host computer. Configuration checks that the client agent can do include ensuring that Automatic Updates is enabled; checking whether anonymous connections are restricted or whether autologon is enabled; enumerating administrators groups; examining password expiration parameters; checking that NTFS is used; confirming that the guest account is disabled; identifying whether any "unnecessary services" are installed, such as WWW, FTP, SMTP or Telnet; and validating that security updates are applied. The client reports alerts to the Forefront Client Security server, where you can view the status of all your systems from a single console.

Navigating the Client
After you install the agent, log on to the client; navigate to All Programs, Microsoft Forefront; and run Forefront Client Security. Use the buttons at the top of the client interface to start a quick scan or a full scan, or to start a custom scan, which lets you select specific drives or folders to scan. The History button lets you review past actions, such as which suspicious items you've allowed to run and which have been quarantined. The Tools menu lets you review the quarantined-items list and set program options such as when to automatically scan a computer and how to handle alerts.

   Previous  1  [2]  3  Next 


Reader Comments

You must log on before posting a comment.

If you don't have a username & password, please register now.




Learning Path To learn more about Microsoft Forefront Client Security
"Microsoft Security Comes to the Forefront"

"Forefront: Safety Belts for Windows"


Microsoft Resources
"Microsoft Forefront Client Security"

"Microsoft Forefront Client Security Technical Library"
Top Viewed ArticlesView all articles
Accessing Database Data with ADO

...

The Memory-Optimization Hoax

Don't believe the hype. At best, RAM optimizers have no effect. At worst, they seriously degrade performance. ...

WinInfo Short Takes: Week of September 1, 2008

An often irreverent look at some of the week's other news, including a very late short takes, screwy Microsoft patents, AT&T's competitors are smelling blood in the water, Nintendo keeps rocking and rolling, Dell, Steve Jobs not-so-RIP, and so much more ...
Related Articles Microsoft Forefront Security for Exchange Server
Security Whitepapers Protecting (You and) Your Data with Exchange Server 2007

Extended Validation SSL Certificates

Unauthorized applications: Taking back control
Related Events Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.

Job Openings in IT

ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

Maximize your SharePoint Investment – 8 Cities
Discover best practices and tips for both architecting and administering SharePoint. Early Bird Price of $99 through Sept 15th.

Find a new job now on the all new IT Job Hound!
Search jobs, post your resume, and set up job e-mail alerts!

Master SharePoint with 3 eLearning Seminars
Learn how to build a better SharePoint infrastructure and enable powerful collaboration with MVPs Dan Holme and Michael Noel. Register today!

Top Tools for Virtualization Disaster Recovery & Replication
View this web seminar on August 14th to learn about two tools that will result in faster backup and restore with P2V disaster recovery.

SharePointConnections Conference Fall 2008
Don’t miss the premier event for Microsoft IT Professionals in Las Vegas, November 10-13. Register and book your room by August 25 and receive a FREE room night (based on a three night minimum stay).

VMworld 2008 - Sign Up Today!
Join your peers on September 15-18 at The Venetian Hotel in Las Vegas as VMware hosts VMworld 2008, the leading Virtualization event.



Increase Application Performance
Free White Paper by Editor's Best winner, Texas Memory Systems.

Microsoft® Tech•Ed EMEA 2008 IT Professionals
Advance your thinking with new ideas and practical real-world solutions at Microsoft’s FIVE day technical infrastructure conference 3-7 Nov., 2008. Register before 26 September 2008 to save €300.

Order Your SQL Fundamentals CD Today!
Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.

Are You Really Compliant with Software Regulations?
View this web seminar that will help you with compliance best practices and check out a management solution to assure that you won’t be in jeopardy of an audit.

Virtualization Congress Oct. 14-16 in London
Don't miss Virtualization Congress, the premiere EMEA conference dedicated to hardware, OS and application virtualization. Oct. 14-16.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technical Resources Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing