This is a Step-By-Step guide for using SCCM2007 to Deploy Forefront Client Security Client Agents.
1. Installed and configured FCS management server.
2. FCS Policy configured and deployed on client machines.
3. Windows Update policy Configured and deployed on client machines.
4. Client Installation Files (the Client directory on the installation CD) on a shared directory on the FCS server (only read permissions needed).
Creating the Installation Package
3. On the Data Source tab, configure the data source as the file share you've created with the client setup files on the installation server. On the scheduling part, you can choose to leave it by default, or configure a schedule for updating the client package.
After finished with all the settings, click finish.
I've chosen 6 hours since I'm downloading the new definitions every days using a script and updating the installation package everyday to be installed with the newest definitions.
4. Now go back and expand the newly created package. The first thing we need to do is to configure a distribution point for the package. For that, right click the distribution points -> New Distribution points.
5. On the distribution points wizard, walk through the welcome screen and on to the Copy package window. Then select the specified distribution point you wish to distribute your package from (the default choice should be the SCCM server itself). Then click next and close.
7. On the general page, type a program name and comment and then configure the command line you need to run the clientsetup.exe with. It should be something like:
clientsetup.exe /CG ForefrontClientSecurity /MS fcsserver.domain.com.
On the Run selection, I recommend using hidden in order not to disturb your users while deploying FCS.
Then click next.
8. On the requirements page, enter a 350MB disk space limit (the limitation by FCS pre-requisites). Then limit the platforms this program can run upon: since we are currently building a package using the x86 client agent version, we need to select only x86 platforms. In addition, we cannot select all x86 2000 and XP since the FCS client is limited to 2000SP4 and XPSP2, so pay attention and check only the proper platforms.
Then click next.
9. On the Environment page, choose that program can run whether or not the user is logged on (which automatically checks the "Run with administrative rights" option.
Note: you should have configured by the administrative account used to install programs. If not, you can find more information about configuring SCCM accounts on: http://technet.microsoft.com/en-us/library/bb680323.aspx .
Then Click next.
10. Go through the Adavanced, Windows Installer ,MOM Maintenance and summery pages and click close.
Note: you configure things you want under advanced or mom maintenance if you wish, but this is not necessary.
Note: The package with just created is used for installing the x86 client agent. In case you have x64 platforms in your domain you need to repeat the process and create a x64 package. Just pay attention when choose the running platforms, only select the x64 systems.
Creating a Task Sequence to Removing existing AV solution and Deploy FCS Package
6. Fill in the proper details and on the command line, write the full path to the removal script.
Note: Some AV solutions require a reboot and won't let anything else get installed on the system after removing them before your reboot the system.
If your case is one of those, then after adding the remove XXX task, click Add -> General Restart Computer.
9. This phase is optional, although I recommend working through it since this is one of the greatest added values of deploying FCS using SCCM.
After configuring the SCCM WSUS Distribution Point settings and syncing with Microsoft Update, you need to be able to see Forefront Updates (hotfixes) in the Software Update Deployment part of the SCCM console.
Go to Computer Management -> Software Updates -> Update Repository -> Updates -> Microsoft -> Forefront Client Security.
10. Select the Updates that relate to FCS and right click -> Deploy Software Updates. Make sure you choose only updates named "Update for Microsoft Forefront Client Security" and not the "Client Update for Microsoft Forefront Client Security".
17. On the deployment Package page, name the newly created package and fill out the package source UNC (Specifies the location of the software update source files. When the deployment is generated, the source files are compressed and copied to the distribution points that are associated with the deployment package).
Note: The shared folder for the deployment package source files must be manually created before proceeding to the next page.
22. Now what we want to do is to add all the updates to the installation package and by that, making sure our clients are installed from the beginning with the most up-to-date version of all the client engines.
Go back to the task sequence you've created earlier and edit it. Click add -> General -> Install Software Updates.
23. Type the name for this task, choose mandatory software updates and click ok.
Note: another optional way of adding the updates to the package is downloading the update directly from Microsoft update catalog (http://catalog.update.microsoft.com/v7/site/Search.aspx?q=forefront), packaging them and adding them is an install software task in the task sequence.
Advertising the Task sequence
That’s it! You've deployed FCS using SCCM2007. Congratulations!