Solved

Forefront Client Security on non-ad machines.

Posted on 2010-11-30
4
332 Views
Last Modified: 2012-05-10
We're looking to replace our McAfee EPO with MS Forefront Client Security.   I'm hoping to retain the functionality of our EPO with it's various reports and management of clients.  It looks like the FCS Console does all the same stuff, but  I can't figure out how to get the non-ad joined machines to report to our Forefront Console and get its updates from our WSUS server.  

I guess I expected it to be as easy as install the client with the /nomom option and edit appropriate registry keys to 'point' at our console server.

and ideas?
0
Comment
Question by:MU-IT
  • 2
  • 2
4 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 34241350
Modify the script found here

http://msmvps.com/blogs/athif/pages/Manually-Configure-WUA.aspx


============ START Script Code===========
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://YOUR-WSUS-SERVER"
"WUStatusServer"="http://YOUR-WSUS-SERVER"
"TargetGroupEnabled"=dword:00000001
"TargetGroup"="IT Department"
"ElevateNonAdmins"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:0000000a
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"AutoInstallMinorUpdates"=dword:00000001
"RebootRelaunchTimeoutEnabled"=dword:00000001
"RebootRelaunchTimeout"=dword:0000003c
"RescheduleWaitTimeEnabled"=dword:00000001
"RescheduleWaitTime"=dword:0000000f
"DetectionFrequencyEnabled"=dword:00000001
"RebootWarningTimeoutEnabled"=dword:00000001
"RebootWarningTimeout"=dword:0000001e
"UseWUServer"=dword:00000001
"NoAUShutdownOption"=dword:00000000
"NoAUAsDefaultShutdownOption"=dword:00000000
============ END Script Code===========

0
 

Author Comment

by:MU-IT
ID: 34241450
Ok, We use similar to point our non-ad machines to WSUS, and it works well... but how does that script do anything for the Forefront Client Security Console?
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 34241513
Not entirely sure about the console, but they would at minimum get their definition updates from the WSUS server
0
 

Author Closing Comment

by:MU-IT
ID: 34701906
not 100% what I wanted, but as good as it gets in non-ad environments, I guess.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SHA2 certs for IIS AND Java? 2 113
google exe file 5 67
Need extreme network security for home 16 84
Exchange2013 MAPI 6 16
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
OnPage: Incident management and secure messaging on your smartphone
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question