Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


May 2007

Forefront Client Security

Microsoft goes all out with this technology-heavy product
From the May 2007 Edition
of Windows IT Pro
Jeff Fellinge
Feature
InstantDoc #95504
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Products / Software Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

You'll notice two new programs: Forefront Client Security, which is the actual client installed on the Forefront Client Security server, and Forefront Client Security Console, which is your primary interface for managing the application. Launching the Console for the first time invokes a wizard that takes you through the rest of the configuration.

When configuration is complete, you'll see the Forefront Client Security management console, which Figure 1 shows. The console shows the status of the computers in your environment. On the Dashboard tab, you can immediately assess your security state, including seeing how many computers you're currently managing and their status, such as whether they have malware or vulnerabilities, whether their policies are out of date, and whether any alerts have been generated. You can access rich reports from the right side of the console, including summaries of alerts, malware, and security state.

Creating a policy. After you install the server components, you need to create a policy to define how to protect clients and to schedule scans and definition updates. It's best to create this policy before you deploy the agent software, so the agents will use your policy right away and not the default policy, which might schedule scans at a frequency and coverage level that doesn't suit the needs of your business.

You can create separate policies for servers and workstations, each with its own scan schedule and configuration. From the management console, click the Policy Management tab and select New. Enter a name for the policy and click the Protection tab, which Figure 2 shows. Here you define how Forefront Client Security should protect clients. I really like how Microsoft implemented the scheduling options. For example, you can schedule a full malware scan to occur every week and schedule quick scans, which check the registry and common locations where malware is often installed, to occur every few hours. You can also schedule a security state assessment scan, which differs from a malware scan in that it checks for missing updates and common security misconfigurations.

Options on the Advanced tab let you configure how to handle quarantined files and exclude certain files or folders from scans. You can also tweak your users' privileges on the client. For example, you can allow users to enable or disable virus or malware protection, and you can specify whether users can schedule their own scans. You can even let users respond to prompts, or you can choose to limit that privilege to administrators.

After you've created your policy, you must deploy it. Forefront Client Security lets you assign policies to organizational units (OUs) and security groups and configure a policy for implementation via a registry (.reg) file that runs directly on a client.

Installing the client software. The Forefront Client Security agent software can be installed on Windows 2003 R2, Windows 2003 SP1, Windows XP SP2, or Windows 2000 SP4 systems that have all security updates installed. All other antivirus and antispyware software must be uninstalled. You must also install Windows Update Agent 2.0 and Windows Installer 3.1 on XP and Win2K systems before you install the client. This requirement might complicate your deployment plans a bit.

To install the client software, copy the contents of the Client directory from the Forefront Client Security CD-ROM to the client computer. The setup program will install the MOM client installation program and the Forefront Client Security agent. Run ClientSetup.exe, using the /MS parameter to specify the name of the MOM management server and the /CG parameter to specify the name of the MOM configuration group. If you wanted to install the Forefront Client Security server components on a single server named mfcs.security.local, for example, you would run the following ClientSetup command: 

ClientSetup.exe 
  /MS mfcs.security.local 
  /CG ForefrontClientSecurity

Next, you must approve the client installation in the MOM console. (Alternatively, you can wait an hour, which is the default time for all pending installations to be automatically approved.) On the server where you installed the MOM console, click Start, All Programs, and launch the MOM 2005 Administrator Console. In the console's left pane, navigate to Administration, Computers, Pending Actions. In the right pane, right-click the name of the client computer and approve the manual installation. You can create your own logon script or use Microsoft Systems Management Server (SMS) or a third-party software management program such as LANDesk Software's LANDesk Management Suite to deploy clients, but you must create your own deployment package.

Make sure your clients are configured to pull their updates from the Forefront Client Security WSUS server so they'll receive the Forefront Client Security malware definitions. In addition to conducting on-demand and scheduled scans for malicious software, the Forefront Client Security client agent assesses the security configuration of the host computer. Configuration checks that the client agent can do include ensuring that Automatic Updates is enabled; checking whether anonymous connections are restricted or whether autologon is enabled; enumerating administrators groups; examining password expiration parameters; checking that NTFS is used; confirming that the guest account is disabled; identifying whether any "unnecessary services" are installed, such as WWW, FTP, SMTP or Telnet; and validating that security updates are applied. The client reports alerts to the Forefront Client Security server, where you can view the status of all your systems from a single console.

Navigating the Client
After you install the agent, log on to the client; navigate to All Programs, Microsoft Forefront; and run Forefront Client Security. Use the buttons at the top of the client interface to start a quick scan or a full scan, or to start a custom scan, which lets you select specific drives or folders to scan. The History button lets you review past actions, such as which suspicious items you've allowed to run and which have been quarantined. The Tools menu lets you review the quarantined-items list and set program options such as when to automatically scan a computer and how to handle alerts.

   Previous  1  [2]  3  Next 


Reader Comments

You must log on before posting a comment.

If you don't have a username & password, please register now.




Learning Path To learn more about Microsoft Forefront Client Security
"Microsoft Security Comes to the Forefront"

"Forefront: Safety Belts for Windows"


Microsoft Resources
"Microsoft Forefront Client Security"

"Microsoft Forefront Client Security Technical Library"
Top Viewed ArticlesView all articles
Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

How can I stop and start services from the command line?

...

Where is Microsoft NetMeeting in Windows XP?

...
Related Articles Microsoft Forefront Security for Exchange Server
Security Whitepapers The Impact of Messaging and Web Threats

Why SaaS is the Right Solution for Log Management

Protecting (You and) Your Data with Exchange Server 2007
Related Events How IE7 & The New Extended Validation SSL Certificates Impact Your Site

Top 10 Email Security Challenges and Solutions

Introduction to Identity Lifecycle Manager "2"

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Maximize speed, performance and reliablity of your PCs and servers—automatically!
Speed Up Your PC! Try Diskeeper 2008 with InvisiTasking Free Now!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing