Thursday, September 20, 2012 2:05 PM
We have over 2000 PC's joined to our domain. 95% run some version of XP, with various service packs.
1) How could we run an audit report to see current status of AV definitions on all PC's
2) Identify PC's which dont have forefront endpoint protection on them
Aside from that, what else can "go wrong" with forefront endpoint protection that could be checked in an audit, based on past experience. Any issues you come across regularly with this product and subsequent risks.
If you were doing an audit of FEP what areas would you look at?
Thursday, September 20, 2012 5:53 PM
1. You can use the builitn Computer List report which include all computers and which Definition Versions they are using.
2. create collection or report with all computers not having FEP isntalled as reported back by the SCCM HW inventory. You can use a part of the query i use in this example here: http://ccmexec.com/2011/11/forefront-endpoint-protection-and-locally-removed/ Here are som more examples on queries. http://systemmanagement.ro/blog/2011/05/03/collections-with-computers-without-forefront-endpoint-protection-2010-client/
on what can go wrong, I would say that the biggest risk/potential issue is that the SCCM Client isn't working on the clients out there and if it doesn't then you don't know what is happening out there..
Here is a link on how to troubleshoot clients not reporting,, http://blogs.technet.com/b/configurationmgr/archive/2009/08/10/troubleshooting-issues-where-clients-are-not-reporting.aspx
- Marked As Answer by Rick TanModerator Friday, September 28, 2012 8:53 AM