WSUS Forefront Client Deployment RRS feed

  • Question


    I am having trouble getting my client PC's to auto install Forefront Client Security via WSUS.


    I have a fully functioning WSUS v3 server with my client PC's connecting and downloading windows updates (i have a WSUS GPO).

    I have installed ForeFront on a server, and installed the client software on this server as well.  The FF console knows about the client installed on the server, and therefore looks good.


    Within the FF console i have created a policy within policy management and deployed it to an OU.


    My client PC is a member of this OU.  If i run gpresult on the PC i can see the FF GPO has applied to the computer.


    If i then run a wuauclt /detectnow command to sync my PC with WSUS, and then take a look at the local c:\WINDOWS\WindowsUpdate.log it does not detect any updates


    Windows Update Client successfully detected 0 updates.


    So the question is where am i going wrong?  The help file on the technet site says for deployment, that once you have deployed to an OU from the FF concole FF client security will auto install on any PC's in that OU.


    I could carry out a local install but i want to deploy via WSUS


    thanks for any assistance given




    Thursday, March 13, 2008 10:07 AM

All replies

  • Hi,


    Sounds like you have done most steps needed... Only thing I can see that you haven't mentioned (Apologies if you have) is to enable in WSUS the download of Forefront Client Security components, and ensure that type Definition Updates and "Updates" is enabled


    You will then need to manually approve the Forefront Client Security application itself, which will show up under Updates.


    Normally, you would also enable the automatic approval of Definition Updates as these are published regularly.


    This is the section you need to look at in the deployment guide - http://technet.microsoft.com/en-gb/library/bb404285.aspx


    Hope this helps


    • Proposed as answer by TariqA Wednesday, January 6, 2010 12:23 PM
    Thursday, March 13, 2008 10:32 AM
  • simple, excellent thanks. i had not checked that and i have now approved it.


    i am a little unusure now which device is controlling the roll out of the FF Client Security.  i thought it was going to be the deploy FF policy created within FF console but it now appears its the WSUS group i have approved for install on. 


    Or is it clever and will not install one without the other



    Thursday, March 13, 2008 3:55 PM
  • Hi,


    Good news, glad to hear it's working now


    The way it identifies hosts it will deploy is based on the policy being deployed. If a host has the Forefront policy deployed, and then checks into WSUS, it will install the FCS client


    If no Forefront policy is deployed to the host, FCS wont install...




    Thursday, March 13, 2008 4:00 PM