locked
FCS Queries RRS feed

  • Question

  • Hi team, I have few queries . Any suggestions will be appreciated.
    1. How many maximum policies we can have in FCS console ?
    2. Is there any way to auto install the fcs client security agent? In my case it detected the client security but given me an notification abaout the available update but doesn't install the client automatically. I want FCS client to install automatically. I am pushing clients through WSUS.
    3. Is there any way to uninstall the client security agents remotely..say from console? and can we avoid users from uninstalling the client agent from there system? 
    4. can i use existing MOM 2005 server with FCS ?
    5. Can we stop mass mailing thorugh FCS ? (MCafee has this feature).
    6. Is it possible to modify the dashboard of FCS?
    7. What could be some winning points for FCS against Mcafee EPO?
    8. There are couple of settings like email notifications etc. can be configured through MOM...is there any way to configure these settings through fCS console? ot any software that can extend the fuctionality of FCS on console level?




    Thanks in advance.




    Regards, Rohit
    Wednesday, February 10, 2010 12:15 PM

Answers


  • Here is what i can quickly say:


    1. Not sure, i assume all GPO rules apply, that is all they are (reg keys).
    2. Yes, i think there is a adm template you need to install to do this, you will need to confirm. I used SCCM, I wrote scripts to uninstall McAfee and apply needed patches required for FF (Yes, be aware that you may need to install patches before installing the client).
    3. No, I don't think so. This can be easily scripted using sccm or bat files.

    Natively, through policy you can lock down the FF GUI on client machines, this does not stop them from killing processes or stopping services.

    As far as locking down forefront on a client machiens:

      You can, and I have done it, use AD Polices to prevent the services from being stopped and hide the programs in add/remove programs to   prevent users from trying to uninstall. 

    ****Warning: DO NOT PREVENT USERS FROM STOPPING THE MOM SERVICE. THIS WILL BREAK MOM AND PREVENT IT FROM STARTING******  Unless MOM is running under a different account other then system.  


    4. No, I think MOM 2005 for FF is a hacked up version of MOM to help people manage FF in the enterprise. I could be wrong though.
    5. No you can not. I have McAfee as well.
    6. No
    7. It is cheaper with certain agreements. Not sure if it is better.
    8. No not that I know of.
    • Marked as answer by Nick Gu - MSFT Saturday, February 20, 2010 2:07 AM
    Friday, February 12, 2010 4:57 PM

All replies


  • Here is what i can quickly say:


    1. Not sure, i assume all GPO rules apply, that is all they are (reg keys).
    2. Yes, i think there is a adm template you need to install to do this, you will need to confirm. I used SCCM, I wrote scripts to uninstall McAfee and apply needed patches required for FF (Yes, be aware that you may need to install patches before installing the client).
    3. No, I don't think so. This can be easily scripted using sccm or bat files.

    Natively, through policy you can lock down the FF GUI on client machines, this does not stop them from killing processes or stopping services.

    As far as locking down forefront on a client machiens:

      You can, and I have done it, use AD Polices to prevent the services from being stopped and hide the programs in add/remove programs to   prevent users from trying to uninstall. 

    ****Warning: DO NOT PREVENT USERS FROM STOPPING THE MOM SERVICE. THIS WILL BREAK MOM AND PREVENT IT FROM STARTING******  Unless MOM is running under a different account other then system.  


    4. No, I think MOM 2005 for FF is a hacked up version of MOM to help people manage FF in the enterprise. I could be wrong though.
    5. No you can not. I have McAfee as well.
    6. No
    7. It is cheaper with certain agreements. Not sure if it is better.
    8. No not that I know of.
    • Marked as answer by Nick Gu - MSFT Saturday, February 20, 2010 2:07 AM
    Friday, February 12, 2010 4:57 PM
  • I was just working on the AD Policy today attempting to do the same thing.  can you explain what you did to prevent users from stopping those services?  I saw three that i thought would do it but the settings i used did not prevent it.
    Wednesday, April 7, 2010 1:36 AM