Microsoft Forefront Client Security Strategic Deployment
Presented by: Bob Phillips and Jeff Coyne
Presentation Transcript
What is Forefront?
  • Microsoft’s Anti-Virus, Anti-Malware Solution
  • Purchased by Microsoft from Sybari Software Inc. in June 2005
Why Forefront?
  • Cost – McAfee License vs. Microsoft Enterprise CAL
    • Also includes Office Communications Services, SharePoint, and other software
  • Performance
    • Caught more malware and viruses than McAfee, including the Conficker/Downadup problem
  • Integration with Active Directory
    • Controlled by Group Policy Objects (GPOs) and WSUS
Project Goals and Details
  • Lower Cost of Virus Scanning Software
  • Improved Detection of Malware
  • Project Completion within 30 Days
  • Project Scope 9700 Desktops and 400 Servers
Our Environment
  • Physically Separate Campuses
  • Academic and Hospital
  • College Computing Structure
  • Server Operating Systems
  • Desktop Operating Systems
  • Server roles
    • Management
    • Collection
    • Reporting
    • Distribution (WSUS)
    • Database
Management Server
  • Central Point to Access Reporting and Configuration
  • Publish GPOs for Client Configuration
  • Control Configuration and Integration Settings for the Pod
Collection Server
  • MOM 2005 Collection Server
  • Collects Events from All Machines
  • Controls MOM Agent Configuration
  • Database Pruning and Cleanup
Reporting Server
  • SQL Reporting Services
  • Out of Box Reports for:
    • Malware
    • Computer
    • Alerts
    • Deployment Stats
    • Security Stats
Distribution Server (WSUS)
  • Windows Server Update Services (WSUS) 3.0 SP1
  • Configured to Synchronize and Automatically Approve Forefront Updates
  • Scheduled to Synchronize 24 Times a Day
    • Microsoft tool available to synchronize only Forefront Updates
Database Server
  • SQL 2005 Enterprise
  • Clustered for Redundancy
  • Split Databases between Clustered Virtuals
Preparing for Forefront
  • Group Policy Object(s) Published from the Management Server
    • Recommended to only publish Forefront GPOs from Management Server
    • During install, the client must have valid Collection Server information in the registry
  • WSUS Server(s) with Forefront Client Security Synchronized and WSUS Groups Created
    • Allows definition and update immediate installation
  • SMS Groups and Packages Created
Server Considerations
  • Exchange Server 2007, SharePoint Server, and Office Communications Server
    • Separate Forefront products
  • Pre-Requisites
    • Windows 2000 Server Service Pack 4 with Update Rollup 1
    • Windows Server 2003 Service Pack 1
  • Supports Clustering
  • Script to Enumerate Exclusions from McAfee
  • Data from ePO
  • Forefront GPOs
    • Unable to add processes
  • Forefront Interface
  • Reg Hacks
Client Deployment Strategies
  • SMS
    • Preferred solution for servers
  • Manual Script
  • GPO
  • WSUS
    • Preferred solutions for desktops
  • Manually
  • Home Use
Client Deployment Strategies

SMS

  • Pros
    • No user intervention required
    • Reporting of failed computers
    • Controlled mass deployments
    • Combined removal of McAfee
  • Cons
    • Significant time investment
    • All clients must have SMS agent installed
    • Permissions based failure issues
Client Deployment Strategies

WSUS

  • Pros
    • No user intervention
    • Controlled mass deployments
    • Simple to set up and use
    • Reporting of failed computers
  • Cons
    • Client pull instead of a push
    • Multiple issues with machines not contacting the WSUS server
    • Does not uninstall McAfee
Client Deployment Strategies

Manual Script

  • Pros
    • Immediate success or failure known
    • Combined removal of McAfee
  • Cons
    • Significant time investment required
    • Slow
    • Inefficient
Client Deployment Strategies

Non-Domain Machines

  • Created Registry Hack to Mimic Group Policy Settings
    • All Forefront settings are located at HKLM\Software\Policies\Microsoft\Microsoft Forefront
  • Ran Manual Script or Manually Installed
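The registry hack described above, as an added example that is not part of the original presentation: the script exports the policy key named on the slide from a domain-joined reference machine (-Mode Export) and imports it on a workgroup machine (-Mode Import), refusing to touch a domain member because Group Policy would overwrite the values on the next refresh. The parameter names and the .reg file path are assumptions.

```powershell
# Added example (not from the presentation): copy the Forefront settings that the GPO
# writes on a domain-joined reference machine onto a non-domain client by exporting and
# importing the policy key named on the slide.
# Assumptions: run from an elevated prompt; $Mode and the .reg file path are our own choices.
param(
    [ValidateSet('Export', 'Import')] [string] $Mode = 'Export',
    [string] $RegFile = 'C:\Deploy\forefront-policy.reg'   # constructed path
)

$PolicyKeyReg = 'HKLM\Software\Policies\Microsoft\Microsoft Forefront'   # reg.exe form
$PolicyKeyPs  = 'HKLM:\Software\Policies\Microsoft\Microsoft Forefront'  # PowerShell drive form

if ($Mode -eq 'Export') {
    # On the reference machine: capture the key exactly as Group Policy populated it.
    if (-not (Test-Path $PolicyKeyPs)) {
        throw 'No Forefront policy key found; has the Forefront GPO applied to this machine?'
    }
    & reg.exe export $PolicyKeyReg $RegFile /y
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
}
else {
    # On the workgroup machine: Group Policy never writes here, so imported values persist.
    # A domain member would have them overwritten on the next policy refresh, so refuse.
    if ((Get-WmiObject Win32_ComputerSystem).PartOfDomain) {
        throw 'Domain-joined machine: configure it through the Forefront GPO instead.'
    }
    if (-not (Test-Path $RegFile)) { throw "Export file not found: $RegFile" }
    & reg.exe import $RegFile
    if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }

    # Show the resulting policy tree so settings can be checked before the client is installed.
    Get-ItemProperty -Path $PolicyKeyPs | Format-List *
    Get-ChildItem -Path $PolicyKeyPs -Recurse | Select-Object -ExpandProperty Name
}
```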
Client Deployment Strategies

Home Use

  • Computer Must be Pointed to Microsoft Update Instead of Windows Update
  • Run Setup with the /nomom Switch
    • Removes the need for a Collection Server
  • Created Package with an .hta file
Issues Encountered
  • WSUS SusID Duplication
    • Caused by Ghost-imaged machines that were not sysprepped
      • Solved by removing the registry entry
      • GPO and manual methods
  • McAfee Removal
    • Stubborn or “hidden” machines
      • Solved with ePO or alternative McAfee removal methods
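The SusID duplication above, as an added example that is not part of the original presentation: Find-DuplicateSusClientId groups an inventory of client IDs to spot clones that share one, and Reset-SusClientId clears the cloned identity on an affected machine so WSUS issues a fresh one. The function names, the constructed sample inventory, and the use of the SusClientId and SusClientIdValidation values as the "registry entry" the slide refers to are assumptions.

```powershell
# Added example (not from the presentation): detect Ghost-imaged clients that share a WSUS
# client identity, and reset the identity on an affected machine.
# Assumptions: the SusClientId/SusClientIdValidation values under the WindowsUpdate key are
# the "registry entry" the slide mentions; function names and sample data are ours.
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-SusClientId {
    # Returns the local client's SusClientId, or $null if none has been assigned yet.
    (Get-ItemProperty -Path $WuKey -Name SusClientId -ErrorAction SilentlyContinue).SusClientId
}

function Find-DuplicateSusClientId {
    # $Inventory: hashtable of ComputerName -> SusClientId collected from each client
    # (for example by running Get-SusClientId from a logon script and writing to a share).
    param([hashtable] $Inventory)
    $Inventory.GetEnumerator() |
        Where-Object { $_.Value } |
        Group-Object -Property Value |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            New-Object PSObject -Property @{
                SusClientId = $_.Name
                Computers   = ($_.Group | ForEach-Object { $_.Key }) -join ', '
            }
        }
}

function Reset-SusClientId {
    # Stop Automatic Updates, drop the cloned identity, then make the client re-register
    # so WSUS stops counting several machines as one. Run elevated on the affected machine.
    Stop-Service -Name wuauserv -Force
    foreach ($name in 'SusClientId', 'SusClientIdValidation') {
        # SusClientIdValidation only exists on newer update agents; ignore if absent.
        Remove-ItemProperty -Path $WuKey -Name $name -ErrorAction SilentlyContinue
    }
    Start-Service -Name wuauserv
    & wuauclt.exe /resetauthorization /detectnow
}

# Constructed sample inventory: two clones from the same image still share an ID.
$sample = @{
    'LAB-PC01' = '{1a2b3c4d-0000-4000-8000-000000000001}'
    'LAB-PC02' = '{1a2b3c4d-0000-4000-8000-000000000001}'
    'LAB-PC03' = '{1a2b3c4d-0000-4000-8000-000000000002}'
}
# Lists each shared ID with the machines that need Reset-SusClientId run on them.
Find-DuplicateSusClientId -Inventory $sample | Format-Table SusClientId, Computers -AutoSize
```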
Issues Encountered (Cont.)
  • Non-Domain Machines
    • Registry hack to reproduce effect of GPOs
    • Tricked machines into thinking a GPO was applied
  • Need for Targeted WSUS Deployment
    • Create new WSUS group and GPO
    • Allowed Desktop Support Staff to assign Forefront deployments to a single OU
Issues Encountered (Cont.)
  • SMS Deployment Failures for Servers
    • Solved by pre-populating software on machines
    • Special detections for 64-bit
    • Use of fully qualified names for source
  • Vendor Machines and Novell Servers
    • Unable to install Forefront, kept McAfee on until vendor okays or machines are retired
Issues Encountered (Cont.)
  • Too Many Resources Used During Scans
    • Created multiple Forefront GPOs
      • Allowed us to set separate scan schedules
    • Dual Core machines appear to be unaffected
    • Still researching and determining exact cause
Benefits of Solution
  • System State Assessment Monitoring
  • Uncovered Dormant Problems with SMS and WSUS
    • Duplicate SusIDs, corrupt installations, intermittent network issues
  • Uncovered Rogue GPOs
    • Machines pointing to redundant or outdated WSUS servers
Benefits of Solution (Cont.)
  • Reporting Console
    • Missing patches
    • GPO deployment issues
    • Malware and Virus issues
    • Connectivity
    • Information per computer/group/enterprise
  • Integrated Computer Management
    • Control through GPOs
    • Deployment through WSUS
Forefront Reports
  • Deployment Summary
  • Computers History
  • Connectivity Summary
What We Would Have Done Differently
  • More Time
    • Solution implemented within one month
  • Better Enumeration of Exclusions in McAfee
    • Script out a solution to enumerate registry entries
  • Build Customized Reports Before Deployment
  • Physical vs. Virtual Servers
  • Force WSUS as Main Deployment Method
    • Most efficient method for desktop machines
Plans for the Future
  • Separate Pods for Campuses
  • Microsoft “Stirling”
  • Macintosh Clients