Alternative deploy option and WSUS based client deploy

  • Friday, June 19, 2009 4:04 PM, Naraka
     
    Besides the client deployment methods listed in the Microsoft article, is there any other way to deploy Forefront clients? I had a look and used the Forefront Installer on Codeplex but it has too many issues, which left me with using this tool as a client assessment tool only. The other option I have tried successfully was via logon script, but this can become a problem over slow WAN links and large scale deployment instances. The only other option I am about to try is to wrap the installer into an MSI package and attach this via GP. Would love to hear how some of you deal with deploying the client part without SCCM or SCE.

    In the FCS documentation it is mentioned that the client can be distributed by WSUS - am I reading this right?

All Replies

  • Sunday, June 21, 2009 12:40 PM, Johan Blom, Forefront MVP
     
    Hi!

    Yes, it is correct. FCS can be deployed via WSUS. You will find the client under the "updates" category. You will have to verify a licence agreement when you approve the client in WSUS.
    The drawback is that you don't have the granular control that you might want if you are also uninstalling another antivirus product.
    In my case, if the customer doesn't have any application distribution system, I use a startup script to uninstall the current product and install FCS.

    /Johan
    MCSE, forefront spec | www.msforefront.com
  • Monday, June 22, 2009 9:45 AM, Naraka
     
    That is weird - I have approved the client under the WSUS category but if I search my updates I only see definition updates and service packs. How does this client install deal with previously installed Forefront clients? I guess it leaves it, but if the install is corrupt is there a way to redeploy?


  • Monday, June 22, 2009 2:29 PM, Johan Blom, Forefront MVP
     

    Hi!

    How is the install corrupt?
    Does the client not run? Can you expand a bit on the install being corrupt?

    Do you have any other means of distributing software? (like SMS or SCCM)

    It can be hard to get rid of the old installation in an automated way if it's corrupt. It's hard to predict the behavior of the uninstall then.
    Try scripting, at www.codeplex.com there are forefront uninstall scripts (search for Forefront). That might help out.

    /Johan

    MCSE, forefront spec | www.msforefront.com
  • Tuesday, June 23, 2009 4:32 PM, Naraka
     
    I am using this, http://fcscompete.codeplex.com/, tool currently already. The remote push install and uninstallation of existing AV products (in my case McAfee Viruscan 8.0) does not work. I currently use the tool only to assess the overall state of the client computers.

    The reason for all this is that I do not have anything like SCCM or SCE to deal with managed deployments.

    The previous old install was from an emergency FCS install and the client has now committed to use FCS as their primary AV solution. We had to reroll the FCS server components and noticed that some of the clients started to pick up, but there is still a large gap of unmanaged workstations and old FCS clients that we need to action manually. Hence my question: if the new FCS server detects an FCS client install, will it try to reroll it if there are some files missing on the client computer, or just leave it?

    The biggest concern/challenge is to deploy FCS throughout the network without using any deployment software. Doing an install through logon scripts is at this point in time a last resort. We also started using the Kaspersky Administration Kit to push out FCS client installs, as the logon script creates a long delay before the user can log onto his/her computer.
  • Tuesday, June 30, 2009 9:58 AM, Nick Gu - MSFT, Moderator
     Answer

    Hi,

     

    Thank you for your update.

     

    I think you may use a batch file to uninstall the old forefront client. I will give you a sample for your reference.

     

    =============
    Msiexec.exe /uninstall /package mp_ambits.msi /qn
    Msiexec.exe /uninstall /package momagent.msi /qn
    Msiexec.exe /uninstall /package fcsssa.msi /qn
    =============

     

    After that, you may redeploy the forefront client using the following guides.

    http://blogs.microsoft.co.il/blogs/yanivf/archive/tags/FCS+Client+Deployment/default.aspx

     

    Meanwhile, you can also download the installation script to reinstall.

    http://blogs.microsoft.co.il/files/folders/61188/download.aspx

     

     

    Regards,


    Nick Gu - MSFT
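
The uninstall sequence from the reply above, wrapped with exit-code checks and per-package logs so a startup script can tell a clean removal from a half-removed client before reinstalling. This is an added example, not part of the original post or Microsoft's script; it uses `/x`, msiexec's short form of `/uninstall`, and the share path and log directory are assumed placeholders.

```powershell
# Added example, not from the thread. $PackageDir and $LogDir are assumed values.
param(
    [string]$PackageDir = '\\fileserver\fcs\client',   # hypothetical share holding the FCS client MSIs
    [string]$LogDir     = "$env:SystemRoot\Temp"
)

# Package names and order are the ones given in the reply above.
$packages = 'mp_ambits.msi', 'momagent.msi', 'fcsssa.msi'

# msiexec exit codes that do not mean the removal failed.
$okCodes = @{
    0    = 'removed'
    1605 = 'not installed'             # ERROR_UNKNOWN_PRODUCT
    3010 = 'removed, reboot required'  # ERROR_SUCCESS_REBOOT_REQUIRED
}

$failed = 0
foreach ($pkg in $packages) {
    $msi = Join-Path $PackageDir $pkg
    $log = Join-Path $LogDir ("fcs-uninstall-{0}.log" -f [IO.Path]::GetFileNameWithoutExtension($pkg))

    if (-not (Test-Path $msi)) {
        Write-Output ("{0} : package not found at {1}" -f $pkg, $msi)
        $failed++
        continue
    }

    # /x = uninstall, /qn = no UI, /norestart = no automatic reboot, /l*v = verbose log
    $msiArgs = '/x "{0}" /qn /norestart /l*v "{1}"' -f $msi, $log
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    if ($okCodes.ContainsKey($proc.ExitCode)) {
        Write-Output ("{0} : {1}" -f $pkg, $okCodes[$proc.ExitCode])
    } else {
        Write-Output ("{0} : FAILED with exit code {1}, see {2}" -f $pkg, $proc.ExitCode, $log)
        $failed++
    }
}

# A non-zero exit lets the calling script skip the reinstall on a half-removed client.
exit $failed
```
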
  • Thursday, July 02, 2009 4:59 PM, Eddie Bowers - MSFT
     
    I just wanted to pipe in and make sure you are approving the right package. The base client has a very confusing name:
    "Client Update for Microsoft Forefront Client Security (1.0.17030.0)"
    Also that client will not get offered unless a FCS policy is in place on the client machine.

    -Eddie
  • Sunday, October 25, 2009 9:58 PM, x01004753
     
    > I just wanted to pipe in and make sure you are approving the right package. The base client has a very confusing name:
    > "Client Update for Microsoft Forefront Client Security (1.0.17030.0)"
    > Also that client will not get offered unless a FCS policy is in place on the client machine.
    >
    > -Eddie

    Hi Eddie,
    Can you be more precise about the policy?

    Thanks!