Forefront Client Security across Domains
- Hi,
We have an Organization with multiple Domains. We have been running Norton Corporate on the workstations. We have bought a Organizational wide Site License for Forefront Client Security to replace Norton.
I am wondering if the Client software can be installed on the workstations in multiple domains pointing to a WSUS server for updates or if you have to have a Server component and deploy? We have a working WSUS server that crosses Domains with no issue.
Rebuilding the network for one Forest or Domain is not possible at this time.
lforbes
Answers
Hi,
Thank you for your post.
Yes, you can deploy to client computers in multiple domains and to domains that are separate from the domain for the Client Security servers. The main requirement is that the domains have two-way trust. When creating and deploying the policies, you can specify different policies for different domains, which would allow you to manage the computers based on which domain they're in. Meanwhile, the domains must be in the same Forest
Regards,
Nick Gu - MSFT- Proposed As Answer byNick Gu - MSFTMSFT, ModeratorTuesday, April 21, 2009 4:04 AM
- Marked As Answer bylforbes Wednesday, April 22, 2009 6:31 PM
All Replies
Hi,
Thank you for your post.
Yes, you can deploy to client computers in multiple domains and to domains that are separate from the domain for the Client Security servers. The main requirement is that the domains have two-way trust. When creating and deploying the policies, you can specify different policies for different domains, which would allow you to manage the computers based on which domain they're in. Meanwhile, the domains must be in the same Forest
Regards,
Nick Gu - MSFT- Proposed As Answer byNick Gu - MSFTMSFT, ModeratorTuesday, April 21, 2009 4:04 AM
- Marked As Answer bylforbes Wednesday, April 22, 2009 6:31 PM
- Hi,
You can deploy a policy to domains of the same forest. But not outside the forest. If you want to apply domains outside the forest you need to copy the policy and apply it manually.
Try this link:
http://technet.microsoft.com/en-us/library/cc758287.aspx- Proposed As Answer byMGMNVA Wednesday, April 29, 2009 11:07 PM
- There is no problem with Installation across multiple domains as long as they are connected via two-way trust.
there is also a way to work with not-trusted domains but this is not a supported configuration. in order to do that you have to do two things:
1. open mom administrator console and go to global settings -> security, and uncheck the checkbox that states mutual authentication.
2. export your policy files into a REG file and deploy them into the domain that doesn't have FCS management server installed using GPO.
Microsoft Forefront MVP - is it possible to deploy FCS to trusted domains in different forests??
