Forefront and SCCM with Software Updates

Answers

  • Hi,

    Thank you for posting.

    As far as I know, deploying Forefront client agents using System Center Configuration Manager (SCCM) will reduce administrative workload, as these agents get installed automatically through SCCM Software Distribution. Administrators do not require additional software or technology, but can leverage their SCCM distribution infrastructure. Furthermore, as this is an administratively controlled policy, even machines that have removed client agents accidentally or intentionally receive the client agent automatically when they update their policy with the SCCM server. Once the agents have been deployed, signature updates need to be applied on a routine basis, which is also made possible by the use of existing SCCM.

    For more information about how to use an existing WSUS server from an SCCM deployment for FCS definition distribution, please read the guidance from the following links.

    Deploying FCS definition updates with a shared System Center Configuration Manager WSUS infrastructure

    http://technet.microsoft.com/en-us/library/dd185652.aspx

    Deploying Forefront Client Security Using SCCM 2007 - Step-By-Step

    http://blogs.microsoft.co.il/blogs/yanivf/archive/2008/02/20/deploying-forefront-client-security-using-sccm-2007-step-by-step.aspx

    Regards,

    Nick Gu - MSFT
    Thursday, June 4, 2009 2:58 AM

All replies

  • I'm "guessing" that you possibly made a GPO that dictated what the clients' WSUS server was? If so, delete that policy. Your SCCM clients should be authoritative in telling your machines which SUP/WSUS server to use. The FCS policies themselves (the ones created in the FCS console) do not set the WSUS server settings for clients.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    • Proposed as answer by Kaspars_ Friday, October 9, 2009 5:27 AM
    Thursday, June 11, 2009 3:08 PM
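
One way to check a client for the conflict described in the reply above, as an added example that is not part of the original thread: it reads the Windows Update policy values on the machine, compares them with the software update point you expect SCCM to assign, and lists which GPO wrote the value according to RSoP logging data. The function name `Test-WsusPolicySource` and the sample URL are assumptions made for illustration.

```powershell
# Added example: hypothetical helper, not code from the thread or from Microsoft.
function Test-WsusPolicySource {
    param(
        # Assumption: URL of your SCCM software update point,
        # e.g. 'http://sup01.example.local:8530' (constructed sample value).
        [Parameter(Mandatory = $true)][string]$ExpectedSupUrl
    )

    # Windows Update Agent reads its WSUS server from these policy keys.
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

    # RSoP logging data records which GPO supplied each administrative-template
    # value; precedence 1 is the winning setting. Empty if no RSoP data exists.
    $rsop = @(Get-WmiObject -Namespace 'root\rsop\computer' `
                -Class RSOP_RegistryPolicySetting -ErrorAction SilentlyContinue |
        Where-Object {
            $_.registryKey -like '*Policies\Microsoft\Windows\WindowsUpdate*' -and
            $_.valueName -eq 'WUServer' -and $_.precedence -eq 1
        })

    $configured = if ($wu) { $wu.WUServer } else { $null }
    $useWu      = if ($au) { $au.UseWUServer } else { $null }

    # Compare without regard to case or a trailing slash.
    $matches = $false
    if ($configured) {
        $matches = ($configured.TrimEnd('/') -eq $ExpectedSupUrl.TrimEnd('/'))
    }

    New-Object PSObject -Property @{
        ConfiguredWUServer = $configured
        WUStatusServer     = if ($wu) { $wu.WUStatusServer } else { $null }
        UseWUServer        = $useWu
        MatchesExpectedSup = $matches
        # GPO identifiers that set WUServer; resolve them to names with gpresult.
        WinningGpoIds      = ($rsop | ForEach-Object { $_.GPOID }) -join ', '
    }
}

# Usage: Test-WsusPolicySource -ExpectedSupUrl 'http://sup01.example.local:8530'
```

A `MatchesExpectedSup` of `False` together with a GPO identifier in `WinningGpoIds` points at a Group Policy object overriding the server the SCCM client would otherwise assign.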