Wednesday, October 12, 2011

Definition Update Automation with ConfigMgr working now

Yesterday I posted a blog post because the "Definition Update Automation Tool for Forefront Endpoint Protection 2010" wasn't working in my environment. Have a look at Definition Update Automation with Configuration Manager for that one. Today I succeeded in automatically receiving new definitions and publishing them. In this post I will share my results and a few good tips and tricks as well.

I configured a scheduled task with the following settings:

Run the task with the SYSTEM account and with highest privileges. Configure it for Windows 7 (when needed).

Run the task every hour of the day so updates are downloaded and published almost immediately after they are released.

Start a program with the default settings described in "Definition Update Automation with Configuration Manager" http://technet.microsoft.com/en-us/library/hh297450.aspx

The task will run fine after that. Just make sure the tool is placed in the right folder and the chosen user account has enough rights.
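The settings above as a script, with one added pre-flight check: because the task runs as SYSTEM with highest privileges, the tool and its folder should be writable only by administrative principals. This is an added example, not code from the original post or from Microsoft's documentation; the tool path, arguments and task name are placeholders to replace with your own values.

```powershell
# Added example. Placeholders and names below are assumptions, not values from the post.
$ToolPath = '<tool-folder>\SoftwareUpdateAutomation.exe'   # placeholder: where you placed the tool
$ToolArgs = '<arguments from the TechNet article>'         # placeholder: the documented default settings
$TaskName = 'FEP Definition Update Automation'             # hypothetical task name

if (-not (Test-Path -Path $ToolPath -PathType Leaf)) { throw "Tool not found: $ToolPath" }

# Principals allowed to change the binary: SYSTEM, Administrators, TrustedInstaller (well-known SIDs).
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Write-type rights only (Modify/FullControl also contain read bits), plus GENERIC_WRITE and GENERIC_ALL.
$rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask    = [int]$rights -bor 0x50000000
$sidType = [System.Security.Principal.SecurityIdentifier]

# Check both the executable and the folder it lives in.
$findings = foreach ($path in $ToolPath, (Split-Path -Path $ToolPath -Parent)) {
    (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        -not ($_.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) -and
        ([int]$_.FileSystemRights -band $mask) -ne 0
    } | ForEach-Object { '{0}: {1} has {2}' -f $path, $_.IdentityReference.Value, $_.FileSystemRights }
}
if ($findings) { $findings; throw 'Tighten the ACLs above before scheduling the tool as SYSTEM.' }

# Hourly, as SYSTEM, with highest privileges. schtasks accepts single quotes around the program path in /TR.
schtasks.exe /Create /TN $TaskName /TR "'$ToolPath' $ToolArgs" /SC HOURLY /MO 1 /RU SYSTEM /RL HIGHEST /F
if ($LASTEXITCODE -ne 0) { throw "schtasks.exe failed with exit code $LASTEXITCODE" }

# Review the stored command line and confirm that quoted arguments survived intact.
schtasks.exe /Query /TN $TaskName /V /FO LIST
```

Run it from an elevated PowerShell prompt on the server that hosts the tool.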

Existing Forefront clients will be automatically updated to the new definition version. The same applies when deploying a new Forefront client.

Reports can be consulted for current information. There are a few reports under the Forefront pane, and more under Reporting Services.

My personal favorite is report 389 "FEP information for a specific computer". That way it's possible to see Forefront install, policy and update information in one overview.

When adding the Forefront client in a task sequence this tick must be cleared. Otherwise it's not possible to select the program in a task sequence.

After that, the program is selectable but will not install during a task sequence. This is because the script cannot be used during a task sequence install.

Just create a new package and program for that with the following settings: "FEPinstall.exe /q /s /policy <path>\<policy-export>.xml". Be sure that the Network Access Account AND the client computers have access to the source folder. That way the Forefront client can be installed by a task sequence with the exported policy applied.

A few sites with good information on Forefront deployment and troubleshooting issues:

Errors When Using the FEP 2010 Definition Update Automation Tool
http://blogs.technet.com/b/clientsecurity/archive/2011/07/18/errors-when-using-the-fep-2010-definition-update-automation-tool.aspx

Installing the Forefront Endpoint Protection 2010 client and OSD
http://ccmexec.com/2011/02/installing-the-forefront-endpoint-protection-2010-client-and-osd/

Invalid argument format (index 7) "AND", arguments are supposed to start with a / (SoftwareUpdateAutomation.exe)
http://social.technet.microsoft.com/Forums/en-US/FCSNext/thread/ca500b36-c667-4030-85f9-ebd0defbdaf7/ 

Definition update automation tool
http://social.technet.microsoft.com/Forums/en-US/FCSNext/thread/9105024f-3a61-4fe0-bc88-803b502881a8/
