Forefront Client Security Remote Definitions Update Using MOM Tasks
This Guide explains how to create a process of remote updating forefront client security definitions using MOM2005 Tasks. This ability to MOM2005 gives you the ability to "Right Click à Update Definitions" on each and every installed client and by that gives you the ability to update and control your client definitions outside "windows update".
Note: This update method is not a replacement for the Windows update method. You can take the scripts and the first part of this process (the definition download) and use it with any other distribution application you have deployed in your organization.
1. Download DefinitionsDownload.zip and extract the file to C:\FCSDef (it is possible to extract to a different folder, but this will require a change of path in the scripts).
2. Open C:\FCSDef and Right-Click the Definitions Folder -> Sharing. Share the folder with default permissions.
1. Go to Control Panel and Open Scheduled Tasks.
2. Click Add Scheduled task and on the schedule task wizard page, click next.
3. On the choose program page, click browse and browse to the location where you extracted the zip file. Click on the DownloadDefinitions.vbs script and Click Open.
4. On the schedule page, choose daily for now. We will go back and change it later on.
5. On the time and day, just click next. We will configure this later on.
6. On the user page, type the username and password for the user you wish this task will run under. Notice that this user does not have to be administrator on the computer, but it does need to have the ability to run scripts and appropriate permissions on the definitions folder.
7. On the summery page, check the open advanced properties check-box and click finish.
1. On the advanced properties window, go to the schedule tab and click advanced.
2. On the advanced scheduling options, set your schedule for checking and downloading new definitions. Notice that the Microsoft Anti-Malware Team updates the definitions on the security portal EVERY 2 HOURS!
On the until check boxes, click Duration and choose 2 hours and 30 minutes.
make sure that "if the task is still running, stop it…" checkbox is cleared
3. Click ok and go to the settings page. Change the "stop the task if…" setting to 30 minutes and click ok.
Now the first part is completed, your FCS server will contact the security portal every scheduled hour and download the new definitions and delete the old ones.
1. Open the MOM 2005 Administrator Console and expand Console Root -> Microsoft Operations Manager -> Management Packs -> Tasks
2. Right Click Tasks -> Create Task.
3. On the welcome wizard, click next.
4. On the Task Run Location and Type page, choose run location: "Agent-Managed computer" and Task Type: "Command line"
5. On the task configuration page, type the application Task name,"mpam-fe.exe".
6. On the task configuration window, select "Microsoft Forefront Client Security Agent" Target Role.
On the Task command line, type the full UNC path of the definitions file you configured at the scheduled download phase earlier. Leave the task remote start and task output behavior as is.
7. Last, type the task name, and put a shortcut key if you wish.
Deploy definitions to FCS Client using MOM 2005
- Open MOM2005 Operator Console and enter the state view.
- Now you click each and every one of the computers where FCS client is installed and choose "updating forefront client security definitions" from the task list.
- On the welcome to launch task wizard, click next.
- On the command line task paramaters, click next.
- On the task target page, verify that the targets are indeed those you have chosen to deploy definitions to and click next.
- Click finish on the completing page, will deploy FCS definitions file to the designated target.
Important Note: This Guide explains how to download and distributes the full version of the definitions update (about 20MB). You should take this under consideration when scheduling your downloads, client definitions deployment.