Wednesday, June 02, 2010 2:25 PM
I am trying to install and configure FSC in a one server configuration. This is an extremely complicated undertaking for someone who never used MOM and the learning curve is quite steep. Before I give up and go back to Symantec Endpoint Protection, can someone point me to documentation that decodes all of the MOM-specific stuff that I need to know and that the FCS documentation assumes that I already know?
Specifically, only the FCS server istelf shows up as a managed computer. The other server and client I have installed FCS client software on are never "discovered" by MOM (again, I am guessing that the reason they never show up in the FCS Console is because the discovery process is broken in some way). I assume that the term (undefined by FCS documentation about installation) "Action Account" is used somehow on the client to do whatever needs to happen on the MOM client software for a machine to be discovered, but for the life of me, I can't see how to set the Action Account on a client.
SetActionAccount.exe keeps giving me the syntax back in response to all my attempts to set the action account on a FCS client PC, so that doesn't help. I tried every combination and permutation I could think of without success.
- Edited by SnoBoy Wednesday, June 02, 2010 4:24 PM
Wednesday, June 02, 2010 4:22 PM
Never mind. I just discovered that FCS 2010 is coming out in the summer and that it apparently does away with MOM and users SCCM 2007 (something I already know how to use). I sure hope that this product will be *much* better than 2008, with which I am completely underwhelmed.
My Forefront Client Security 2008 project just got cancelled.
Thursday, June 03, 2010 8:09 AMModerator
Thank you for the post.
I think you may read the following deployment guide and you will find it is easy to use FCS.
Nick Gu - MSFT
Thursday, June 03, 2010 2:37 PM
You have always been responsive to folks on the forums. The following is not directed at you. I hope that someone in the development team will read and take note.
I did read it and I didn't find it *easy* to install and configure. Nothing in the server applications arena that Microsoft makes is *easy* to install.
BTW, I installed and had running Symantec Endpoint Protection in half a day. The first client installed taklked back to the server on the first try. Nothing I have installed from Microsoft in the last 3 or 4 years has gone as smoothly as that, with the exception of Forefront Security for Exchange 2008 (I really thought this was exceptionally easy to install and configure, even though the interface was vastly different from the previous version).
Consider FCS -
- Install OS
- Install .NET 1.1 and SP1
- Install SQL server full version (extra cost software, no other AV software I have used required an extra cost database software)
- Install IIS, etc. (couldn't the FCS installer do this and configure it correctly for its use?)
- Install SQL Server 2005, SP2, patch
- Visual Studio Runtime and SP1 and patch
- Install GPMS and SP1
- Install WSUS
- Patch with WIndows Update
- Then install FCS (at step 10!)
- Configure post - install stuff
- Figure out what an "action account" mentioned in the post-install tasks for SQL server rights, quote, "On the Client Security server, add the action account to the Administrators group."
Then install client manually and have it not be seen by the FCS server. Look around to find out what and Action Account is and muck around with MOM and try to set the "action account" on a client only to have the setactionaccount program fail every time.
Just how do you define easy? This isn't easy, IMHO.
Then you discover that FCS 2010 will dump MOM reliance, which is why I am shelving the project since I will have to tear down everything I have done to install another completely different version. It remains to be seen if it will be easy to install or not.
Now I have to go back to my job and work with getting my Exchange 2010 infrastructure tested and completed.
Saturday, July 03, 2010 7:51 PM
This is actually one of the feedbacks that the Forefront dev team has taken to heart as i have worked with them and installed the next version FEP Forefront Endpoint Protection (SCCM based) and it is really easy to install. It does not even come close to FVS v.1.
The trick with FEP will be to have a healthy SCCM installation because installing FEP won't be a challenge.
MCSE, forefront spec | www.msforefront.com
Monday, July 05, 2010 2:53 PMI just wish it was coming out in time for me not to have to renew Symantec Endpoint Protection. Last I heard it would be a December time frame before it was going to be available, right?
Sunday, July 11, 2010 11:58 AM
The date is not public yet so i don't know, but it's likely to be towards the end of the year. I know the dilemma with license renewals.
Good luck, whatever you decide.
If you need help with Forefront, just post
MCSE, forefront spec | www.msforefront.com
Saturday, July 17, 2010 1:15 AM
The deployment of FEP 2010 will make all of our lives easier, kind of. Now like Johan was saying, if you have a health SCCM deployment and software distribution is working properly and reporting not failing, life is good and easy. The only issue I see, and it's an easy one to see is the customers that do not utilize SCCM currently. Depending on the network setup for a company, SCCM can be quite the task to get pushed out to the network. Once it's out there, so far at least in the CTP 1 and 2 releases of FEP, a quick install, and push of the clients through SCCM and done.
On a side note, FCS can be a burden to get deployed properly if you do not search around the web and find all the little gotchas, example, adding the maxconn:5 switch to server 2008 task scheduler, reading the correct database sizing chart (SystemCenterReporting default at 1 GB almost 99 percent of enterprise deployments is not correct), and all the fun little SQL permissions needed to view reports and history of reports.
As for someone who has worked with and deployed FCS quite a bit, it is quite simple to do once you understand these gotchas, yet again that's what these forums are for :).