fcs deployment tool userguide

7/29/2019 FCS Deployment Tool Userguide

1/14

Microsoft Forefront Client Security

Deployment ModuleUser Guide

Published: June 2008

Version: 1.00 (Build 1007)

Written by: Yaniv Feldman ([email protected])
mailto:[email protected]:[email protected]


2/14

Information in this document, including URL and other Internet Web site references, is subject to change

without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail

addresses, logos, people, places, and events depicted.

In examples herein are fictitious, and no association with any real company, organization, product,domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights

under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval

system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or

otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property

rights covering subject matter in this document. Except as expressly provided in any written license

agreement from Microsoft, the furnishing of this document does not give you any license to these

patents, trademarks, copyrights, or other intellectual property.

2008 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Excel, Forefront, Windows, Windows Server, and Windows Vista are either

registered trademarks or trademarks of Microsoft Corporation in the United States and/or other

countries.


3/14

Contents

Contents..................................................................................................................................3

Introduction.............................................................................................................................4

Installation..............................................................................................................................5

Pre-Requisites for FCS Deployment Tool........................................................................5

Pre-Requisites for Client Deployment.............................................................................5

Installation Procedure........................................................................................................5

User Interface.........................................................................................................................6

Microsoft FCS Deployment Start-up screen...................................................................6

Configure Deployment Options.......................................................................................7

Client Installation Shares..............................................................................................7

Installation Account Settings........................................................................................7

Simultaneous Installation Threads..............................................................................8

Collection Server.............................................................................................................8

Management Group........................................................................................................8

Import Computers..............................................................................................................9

Import Computers Wizard.............................................................................................9

Select Computers from the network..........................................................................10

............................................................................................................................................11

Select Active Directory Organizational Unit.............................................................11

Select Computers from Active Directory.................................................................12

FCS Deployment Tool console After computers import..........................................13

FCS Deployment Tool console After computers import......................................13

FCS Deployment additional information..........................................................................14


4/14

Introduction

Forefront Client Security (FCS) is an Anti-Malware application developed byMicrosoft and it is currently running in its first version.

Read this guide if you want:

Deploy FCS (Forefront Client Security) using FCS Deployment tool.

For more detailed information about Client Security deployment and features, see

the

Client Security Deployment Guide(http://go.microsoft.com/fwlink/?

LinkId=86998) and the Client Security Administrator's Guide

(http://go.microsoft.com/fwlink/?LinkId=86997).

This User Guide provides a brief introduction to Forefront Client Security

Deployment tool, including an overview of the user interface and high-level

features, and links to other resources for getting help with the product.

The Forefront Client Security Deployment Tool is a free toolkit that is meant to

provide additional deployment capabilities in addition to those who are available

with the original FCS product. This utility gives network and security administrators

the ability to scan their network and/or AD, discover existing solutions that are

already installed on their clients, uninstall the existing solution and install FCS

Client all in one.

This is tool is a free utility and was not developed my Microsoft. It is not supported

by Microsoft in anyway.
http://go.microsoft.com/fwlink/?LinkId=86998http://go.microsoft.com/fwlink/?LinkId=86998http://go.microsoft.com/fwlink/?LinkId=86997http://go.microsoft.com/fwlink/?LinkId=86998http://go.microsoft.com/fwlink/?LinkId=86998http://go.microsoft.com/fwlink/?LinkId=86997


5/14

Installation

Pre-Requisites for FCS Deployment Tool

The following pre-requisites must exist on the computer where you want run theFCS Deployment Tool on:

1. Forefront Client Security Server Infrastructure Deployed and functioning.

2. .net Framework 2.0

3. .net Framework 3.0

In addition to those pre-requisites, you should make sure you also have the

following available before starting the deployment operation:

1. Shared directory with 32bit FCS Client Installation files.

2. Shared directory with 64bit FCS Client Installation files.

3. User with administrative privileges on all designated deployment targets

(computers).

Pre-Requisites for Client Deployment1. Make sure Client Pre-Requisites exists on all deployment designated targets

(the deployment tool only installs the XP mini-filter incase that it is

missing):

a. Windows Vista: No Pre-Requisites.

b. Windows XP: Service Pack 2 and above, Windows Update Agent 2.0,

Windows Installer 3.1

c. Windows 2000: Service Pack 4 and above, GDI+ Hotfix, Windows

Update Agent 2.0, Windows Installer 3.1

2. Disable all Client removal protection - This means that you must disable all

password protection or enforcement features on your current Anti-VirusSolution before you will be able to use the deployment tool.

3. Connectivity FCS Deployment Tool uses RPC and NetBIOS to deploy the

FCS Client Agents. There for it needs ports 135,137,139. Our

recommendation is to disable client firewall for the target deployments up

until the deployment is finished.

Installation ProcedureExtract the Zip file into a specified folder on the management server and click

Microsoft.FSC.deployment.exe to activate the tool.


6/14

User Interface

The FCS Deployment tool's User interface if provided as a single wizard guided

console.

Microsoft FCS Deployment Start-up screen

This screen is used FCS Client Deployment default start-up screen. In order tobegin the deployment process, you should click the "Configure Deployment

Options" button on the upper left corner of the screen.


7/14

Configure Deployment Options

Client Installation Shares

32bit Client this text box should contain the full path (UNC Share) to thedirectory that contains the bits for the 32bit client of FCS. The directoryshould contain the following files: clientsetup.exe, mp_ambits.msi,fcsssa.msi, momagent.msi and a localized version of 914882kb (xp mini-

filter hotfix.(

b- this text box should contain the full path (UNC Share) to the directorythat contains the bits for the 64bit client of FCS. The directory shouldcontain the following files: clientsetup.exe, mp_ambits.msi, fcsssa.msi,

momagent.msi and a localized version of 914882kb (xp mini-filter hotfix.(

Note: usually, the 64bit folder will be located under the 32bit share and will becalled x64 (this is the case if you copy the client folder from the FCS media into a

local folder and share it.(

Installation Account Settings

Username This text box should contain a username (in the format of

DOMAIN\Username) of a user that has administrative privileges on thetarget machines.


8/14

Password this text box should contain the password of the installationuser account.

Simultaneous Installation Threads

This text box allows you to determine that amount of process that will run

simultaneously on the deployment process. The amount of process is limited upto 50 threads in order to maintain network and server stability. By selecting anamount of threads you wish to run on parallel, and deploying to a larger group oftarget machines, the process creates a queue for the rest of the computers andstarts that deployment process on the next machine in the list as soon as the first

one is over (FIFO.(

Collection Server

This field should contain the FQDN (fully qualified domain name) of the collectionserver that you wish the FCS client will report to.

Note: in case you have a one-server topology, this will be also the management

server. In case you have a more than one server topology, make sure you writename of the collection server and not the management server.

Management Group

This field should contain the management group name. by default, the MG name

should be "ForefrontClientSecurity", unless it was changed when you installed the

FCS server.


9/14

Import Computers

Import Computers Wizard

This wizard gives you 3 options for selecting you deployment targets:

Select Computers from the network This option tell FCS to scan yournetwork neighborhood and gives you a list of computers found to choose

from.

Select all computers from an Active Directory Organizational Unit

This option gives you a choice of Active Directory OU's to choose from.Once you have chosen a specific OU, all computer accounts within will be

selected as deployment targets.

Select specific computers from Active Directory this options allowsyou to choose specific computers by searching for computer accounts in

Active Directory.

After selecting an option, click next to move to the next phase of the wizard.


10/14

Select Computers from the network

On the right side of the window, you can find the list of computers that has beendetected from your network neighborhood.

On the left side of the window, you can find the list of deployment targets.

Select computers from the right list and click the "add" button in order to makethe selected computers part of the deployment target list.

Select computers from the left list and click the "remove" button in order to

remove the selected computers from the deployment target list.Once finished selecting deployment targets, click the finish button in order to

begin import the list of computers to FCS Client deployment console.


11/14

Select Active Directory Organizational Unit

In this window, you can choose a specific Organizational Unit from the localActive Directory Domain. After selecting and OU, click finish and all the computeraccount within the selected OU will be imported to the FCS client deployment

console as deployment Targets.


12/14

Select Computers from Active Directory

This window allows you to search for computer accounts by name in activedirectory, and add them to the deployment target list in the FCS clientdeployment console.

You have two options for selecting the computer account:

-Type the selected computer name and click the "check names" button.Repeat this process until adding all selected computers.

-Click the advanced button, and then click search. From the list that opens,select computer accounts that you wish to deploy FCS client on, and click OK.


13/14

FCS Deployment Tool console After computers import

FCS Deployment Tool console After computers importAt this stage, on the screen, you resume the list of target machines with status,

but now the Deploy, Stop and Reset deployment operations are available.

In case you receive a message of an offline host, check for firewall settings onthe host computer to see if it allows RPC and WMI communications. The simplestway to troubleshoot this is to turn the firewall off to see if that has an effect on

the status checking process.

Deploy this button begin a deployment operation that includes the followingstages:

1(Connecting to the target machine.

2(Uninstalling Existing Antivirus solution.

3(Installing Forefront Client Security Client Agents on the target machine.

Stop this button stops the deployment operation. Once the operation isstopped, it cannot be resumed, and a new operation has to be started. When youclick the stop button, the deployment process will not stop immediately, but onlyclear the remaining target machines in the queue. It will still try to finish the

deployment process currently running on some machines.

Reset deployment Operation this button resets the deployment operation and

clears all target deployment machines from memory. This button puts back to the

initial screen of the client deployment tab.


14/14

FCS Deployment additionalinformation

Client Security is designed to protect computers running the Windows Vista,Microsoft Windows Server 2003, Windows 2000 Server, and Windows XP and

Windows Server 2008 operating systems. For more information, see Client

Security System Requirements(http://go.microsoft.com/fwlink/?LinkID=77561).

Your topology decision should be based on several factors, including the number

of clients in your environment, your hardware budget, and reporting requirements.

Before you install Client Security, it is highly recommended that you read the

Client Security Planning and Architecture Guide

(http://go.microsoft.com/fwlink/?LinkId=87275). The Planning and Architecture

Guide contains detailed information that can help you make your deployment

decisions.

Before installing Client Security server components, you should verify that the

appropriate network ports are open on any server firewall. In some cases, firewalls

between Client Security servers should be disabled. For details about preparing for

and deploying Client Security, see the Client Security Deployment Guide(http://go.microsoft.com/fwlink/?LinkId=86998).
http://go.microsoft.com/fwlink/?LinkID=77561http://go.microsoft.com/fwlink/?LinkId=87275http://go.microsoft.com/fwlink/?LinkId=86998http://go.microsoft.com/fwlink/?LinkID=77561http://go.microsoft.com/fwlink/?LinkId=87275http://go.microsoft.com/fwlink/?LinkId=86998

fcs deployment tool userguide

Documents