locked
Client security for a small distributed organisation RRS feed

  • Question

  • Hi, I work for a global road safety organisation. We have a small number of staff and currently have no formal IT systems other than basic, ad-hoc solutions for email and document collaboration.  We are planning a distributed network environment but have an immediate priority for anti-virus/malware protection of our resources (mostly laptops staff take around the world).

    Is Microsoft Forefront a possibility for us in terms of the Management Console? I am currently running Client Security with the /NOMOM installation and would be quite happy for each user to do so until we have our network in place next year, but does anyone know whether we can centrally manage each client with our current configuration (or lack of?).

    I hope this makes sense; I would appreciate any guidance anyone can give.
    Tuesday, September 22, 2009 9:05 PM

Answers

  • Hi,

     

    Thank you for your post.

     

     Generally speaking, if you want to have the FCS client  report to the FCS management server, you cannot use the /nomom switch. The management server can only manage clients that deployed by FCS policy or  the full command line options. So once you have deployed the FCS management server, you may uninstall the Forefront Client Security Agent from the all the computer and reinstall FCS with FCS policy.

     

    Regards,


    Nick Gu - MSFT
    Wednesday, September 23, 2009 9:14 AM

All replies

  • I'm guessing it depends on how many staff you have and the servers you would have to support the FCS server components. If you are under say 40-50 clients FCS server components can be a little heavyweight for that type of organization.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Tuesday, September 22, 2009 9:37 PM
  • Kurt, thank you very much for your response. We are smaller than 40 clients (half-that for the next 12 months but growing steadily).  As an interim solution, until we have a full Windows network domain without our own servers available, is it worthwhile using Client Security standalone with the view that we would bring the FCS server components into our network later?  Can an installation with the NOMOM flag be centrally managed later?
    Tuesday, September 22, 2009 11:06 PM
  • Hi,

     

    Thank you for your post.

     

     Generally speaking, if you want to have the FCS client  report to the FCS management server, you cannot use the /nomom switch. The management server can only manage clients that deployed by FCS policy or  the full command line options. So once you have deployed the FCS management server, you may uninstall the Forefront Client Security Agent from the all the computer and reinstall FCS with FCS policy.

     

    Regards,


    Nick Gu - MSFT
    Wednesday, September 23, 2009 9:14 AM
  • Thanks Nick. That's exactly what I need to know. Between you and Kurt I have all the info I need.
    Wednesday, September 23, 2009 9:18 AM
  • It can but it will pretty much require deploying the mom agent to the client at that time.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Wednesday, September 23, 2009 5:15 PM