locked
WSUS Forefront Client Deployment RRS feed

  • Question

  •  

    I am having trouble getting my client PC's to auto install Forefront Client Security via WSUS.

     

    I have a fully functioning WSUS v3 server with my client PC's connecting and downloading windows updates (i have a WSUS GPO).

    I have installed ForeFront on a server, and installed the client software on this server as well.  The FF console knows about the client installed on the server, and therefore looks good.

     

    Within the FF console i have created a policy within policy management and deployed it to an OU.

     

    My client PC is a member of this OU.  If i run gpresult on the PC i can see the FF GPO has applied to the computer.

     

    If i then run a wuauclt /detectnow command to sync my PC with WSUS, and then take a look at the local c:\WINDOWS\WindowsUpdate.log it does not detect any updates

     

    Windows Update Client successfully detected 0 updates.

     

    So the question is where am i going wrong?  The help file on the technet site says for deployment, that once you have deployed to an OU from the FF concole FF client security will auto install on any PC's in that OU.

     

    I could carry out a local install but i want to deploy via WSUS

     

    thanks for any assistance given

     

    Regards

    Nathan

    Thursday, March 13, 2008 10:07 AM

All replies

  • Hi,

     

    Sounds like you have done most steps needed... Only thing I can see that you haven't mentioned (Apologies if you have) is to enable in WSUS the download of Forefront Client Security components, and ensure that type Definition Updates and "Updates" is enabled

     

    You will then need to manually approve the Forefront Client Security application itself, which will show up under Updates.

     

    Normally, you would also enable the automatic approval of Definition Updates as these are published regularly.

     

    This is the section you need to look at in the deployment guide - http://technet.microsoft.com/en-gb/library/bb404285.aspx

     

    Hope this helps

    cheers

    • Proposed as answer by TariqA Wednesday, January 6, 2010 12:23 PM
    Thursday, March 13, 2008 10:32 AM
  • simple, excellent thanks. i had not checked that and i have now approved it.

     

    i am a little unusure now which device is controlling the roll out of the FF Client Security.  i thought it was going to be the deploy FF policy created within FF console but it now appears its the WSUS group i have approved for install on. 

     

    Or is it clever and will not install one without the other

     

    cheers

    Thursday, March 13, 2008 3:55 PM
  • Hi,

     

    Good news, glad to hear it's working now

     

    The way it identifies hosts it will deploy is based on the policy being deployed. If a host has the Forefront policy deployed, and then checks into WSUS, it will install the FCS client

     

    If no Forefront policy is deployed to the host, FCS wont install...

     

    cheers

    Chris

    Thursday, March 13, 2008 4:00 PM