FCS Suggestions
- I have some suggestions as to the new version of FCS (if it´s not too late):
- Allow the old right click scan now option on files and folders (obvious)
- Upon choosing to undeploy a policy, would be excellent if it didn´t remove the policy from every one of the OU`s it has associated
- Support for renaming a policy which has been created
- Ability to run a full scan from a report and not only from the Scan Now button
- Ability to search for a computer's status directly from the FCS console and not from the MOM console
- Why, with group policy, allow a client to automatically install updates once a day maximum if the WSUS server is synchronizing the latest updates up to 24 hours a day? In the worst of scenarios, a client could be 23 hours and 59 minutes out of date - what is the point of allowing the WSUS server to synchronize so frequently? Add to that up to 3 tiers of WSUS servers, and the GPO refresh interval, and the potential delay could be well over a day.....
Thanks!
- Edited byjohnny mango Friday, June 27, 2008 4:55 AMAdded another comment
All Replies
- Hi Johnny,
FCS scan in real time old task, start and stop services, install and uninstall programs and drivers, downloads, auto starts, systems configurations, internet browser add-ons, applications executions and others, all in real time.
Yes, must allos renaming a policies
You can scan a selected computer through FCS Console
The policies must manage through FCS console, otherwise lose consistency
You can search computer status through SQL reporting Services Web Page
When you install th FCS distribution server role in WSUS, the sync from WSUS to Microsoft Update is each hour
I hope this will work you... As I see it there are two huge problems with Forefront today.
1. Centralized management is at best a mess, and lacks much in general. Huge improvements in ease to use, reports and monitoring and control from the central management have to be done. I belive most of this have been adressed in Stirling, at least from what I have seen of videos and labs.
2. WSUS isn't telling the clients and servers when there is updates available! When the clients and servers in huge networks they have to ask, maby up to 24 times a day for updates. There will be huge amounts of unneccessary data flowing. This can be a big factor depending, of the number of operative systems and the frequency of the update check. Why have not Microsoft implemented a way of telling the WSUS to contact groups of computers, og individual computers when updates for they're product is available? This problem could very well be a showstopper for larger companies.
*EDIT*
Posted this in the general forum as well. More relevant there I guess
- Edited byMr Haugen Friday, August 22, 2008 11:46 AMDuplicate post/reply
- 1) Centralized Management: I'd be interested in some specifics of the 'mess' you see in FCS v1. That would help in understanding if the improvements you are looking for are going to be in Stirling or not?
2) WSUS/push model: if WSUS pushed out a notification, then you'd have a huge number of machines attempting to sync at the same time, which can knock out the WSUS server. Also, the check for updates is really not a large transaction, and shouldn't overburden the network that much
Thanks
Chris
Forefront Stirling PM
Chris Sfanos / Forefront PM - I'll add to this my list of problems with FCS:
- Lack of documentation and guides: Did you know that machines will stop getting WSUS and therefor FCS updates if the Genuine Advantage tool is not installed and working? We didn't until opening a support case with Microsoft.
- Too many dependencies: AD, SQL, MOM, WSUS, Genuine Advantage, etc. Most places a support desk person can handle the AV administration, with FCS you need a sys admin, a DBA, someone from the support desk etc.
- Lack of Configuration options: Need multiple schedules for scanning, maybe a quick scan during the week and a full on the weekend, sorry about your luck unless you want to do it with scripts. How about enabling realtime scanning only on write so that read performance isn't hurt on your file server, nope not an option.
- Coordination between FCS teams and other Microsoft teams. I place a call to support for a server issue, they ask for specific AV settings to be made, FCS does offer any of those options so I am left basically just disabling av on that server.
- Hi Johnny,
- FCS agent scan in real time all, like autorun, services, drivers, on access, application execution, system configuration, intenter explorer downloads, IE Add-ons, IE Configuration, application registration, windows Add-ons. for this reason FCS not have right click over files and folder.
- When you undeploy the policy, this eliminates from Aall link in ctive Directory, should.
- You are right, the policies must be renamed
- Would be useful scan from a report, more dynamic
- Search computer's status from MOM is more detailed, I think that the MOM console is more useful
- you can modify the "Automatic Update detection frequency" policy, for allow a computer search new update many times per day.
I hope help you, regards...
Edgard Hersen
