Blog

How to Deploy Microsoft Forefront Client Security Client Software

Date May 6, 2010 Author By Category Anti-Virus

They could not have made this any more difficult.  After much searching, I found this information:

Deploying Client Security

The client components of Client Security consist of a Client Security agent and a MOM agent. The Client Security agent scans for vulnerabilities and malware. The MOM agent collects the data, which is then used to generate reports for Client Security. To deploy both agents, use the following procedure.

To directly deploy the Client Security components

  1. Log on to the client computer by using local administrator permissions.
  2. Insert the Client Security CD.
  3. Open the Command Prompt window.
  4. Do one of the following:
    • To install Client Security on a client computer running a 32-bit version of Windows, type cd driveClient.
    • To install Client Security on a client computer running a 64-bit version of Windows, type cd drive Clientx64.
  5. Press ENTER and run ClientSetup with the following parameters:
    • /I InstallationFolder in which InstallationFolder is the location in which you want to install Client Security. This parameter is optional. The default installation folder is at the following location:
      %Program FilesMicrosoft ForefrontClient Securityclient
    • /L LoggingFolder in which LoggingFolder is the location in which you want Client Security to log issues encountered during the installation. This parameter is optional. The default logging folder is at the following location:
      %Program FilesMicrosoft ForefrontClient Securityclientlogs
    • /NOMOM in which the /NOMOM flag installs everything except the MOM agent. If you use the /NOMOM flag, do not use the /CG and /MS flags.
    • /CG ManagementGroup in which ManagementGroup is the name of the management group. If you do not specify the management group, the name will be retrieved automatically from the Client Security policy deployed to the client computer. This parameter must be used with the /MS parameter.
    • /MS CollectionServer in which CollectionServer is the name of the collection server. If you do not specify the collection server, the name will be retrieved automatically from the Client Security policy deployed to the client computer. This parameter must be used with the /CG parameter.
    • /R reinstalls the Client Security agent and the MOM agent. This parameter first verifies that the existing version is older than or equal to the currently installed version, then triggers a reinstall.
  6. Press ENTER.
  7. When the tool finishes running, close the Command Prompt window.

Tags: , , ,

2 thoughts on “How to Deploy Microsoft Forefront Client Security Client Software

  • Jim says:
    August 18, 2010 at 3:51 pm

    You couldn’t be more correct. Typical of Microsoft, Forefront Security is a JOKE.

    (Tongue in cheek experience):

    Woohoo, I finally have all the disks after purchasing a Volume License for my company!

    SO I insert the disk to install MFS, and it begins to install. Oh wait, I have to have WSUS installed on the server to run it. OK, no problem, lets do that, I kind of wouldn’t mind using WSUS. 2 hours later, OK, lets do this again.

    Start to install MFS again, oh wait, now it wants SQL Server 2005 Enterprise Edition! What?!?! Enterprise? I can;t afford that! Oh wait, it came with it. 2 hours later, SQL SRVR 2005 EE is installed.

    OK, now lets do this! Start to install MFS again, oh wait, NOW it wants MOM 2005. :/ ? OK, FINE since I have gone this far, let’s just install the dang thing and get it over with! 2 hours later, MOM2005 installed and configured.

    OK, let’s get this over with, almost a full day gone by and no success at this point, so I install MFS AGAIN, FINALLY! it goes all the way in.

    OK, so now I have to go configure MOM 2005, group policy objects for each version of Windows clients (Forefront Clients will not install otherwise from a centralized distribution location), configure all of WSUS downloads and configuration, work on the action account for hours and hours, run and rerun the Forefront Security BPA (no problems or issues whatsoever) and no clients deployed at all.

    Correct me if I am wrong, but I could have paid about the same for Symantec EP 11.0 and done this in a FRACTION of the time, and not had my server using 3.5GB of memory usage for Forefront Security ALONE!!!!!!!!!!!! because of the SQL requirements.

    This is way beyond ridiculous. Maybe I did it the hard, maybe there is a lighter way, but I did it the Microsoft way.

    To heck with Microsoft, I am going back to Symantec, at least I know what is going to cause problems there, and it doesn’t take a massive server to deploy it.

    Reply
  • Shema says:
    October 14, 2010 at 2:28 am

    You are right. I am a system engeneer living in Burundi (Central Africa). My boss bought the FCS and i spend almost one week trying to deploy it. I can’t recommend it to friends and customers.

    Reply

Leave a Reply

Your email address will not be published.