Forefront Client Security – Deploying to client PCs


I wonder if someone can help me – I'm a developer who's having to build/run a small network for a new startup until we can get a real Network Admin on board.

I have very little experience with running a domain so am reading everything I can lay my hands on but have run into a brick wall with regards to Forefront Client Security.

In short, I've installed it, deployed the policy and enabled updates through WSUS but the client PCs aren't downloading/installing anything.

In detail:

Firstly, the DC is SBS2008 (call it Server A)
On Server B, we've installed Server 2k8 and Forefront Client Security

We had WSUS as part of SBS on Server A. As Forefront seemed to want to install its own WSUS, we let it – so we've got Server B configured to be downstream from Server A and running in "replica" mode.

I've created a policy within FCS and deployed it to AD (I can see it in group policy manager). It's linked to the .local location (apologies for incorrect terminology). Its Link Enabled and Enforced are both set to "True".

Now the issue I'm having is that I expected the client PCs to find the new policy, realise they needed an update and download/install the appropriate ForefrontCS client.

From the "Deployment" section of the FCS docs:

To deploy Client Security to the client computers, you must first deploy a policy to those computers. After a client computer has a policy, the computer will automatically download Client Security from your distribution server.

I've tried forcing a policy update on the client PC followed by logoff/on but there's no obvious change.

Having looked at the GPO, it seems that it's setting all the config for the client scans (frequency, update server, etc…) but I can't see anything relating to pushing out software (but as I said, I'm new so wouldn't necessarily recognise it in any case).

I'd appreciate any advice / suggestions / links to guides that you may have.

Many thanks in advance

For completeness;
All servers are currently running on Hyper-V VMs. DC and most other servers are 64-bit. Server B – Forefront – is 32-bit (I believe it has to be). All client PCs are currently 32-bit.

Best Answer

You can force Windows Update to get any updates using 'wuauclt -detectnow'

Your problem might be with how you have WSUS configured. FCS had probably added and approved the client for install in its WSUS (Server B), and then by turning it into a replica you have overridden the configuration from Server A.
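
One way to check what this answer suggests, as an added example that is not part of the original answer: the first function reports whether a WSUS server is a replica and which approvals exist for updates matching a search string, and the second shows which WSUS server Group Policy has pointed a client at. The function names and the search text are assumptions, and the WSUS administration console must be installed where the first function runs.

```powershell
# Added example, not from the original thread.
# Run Get-WsusFcsApproval in an elevated session on each WSUS server
# (Server A, then Server B) and compare the results.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

function Get-WsusFcsApproval {
    # SearchText is an assumption: adjust it to match the update title on your server.
    param([string]$SearchText = 'Forefront Client Security')

    # Connect to the WSUS instance on the local machine.
    $wsus   = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()
    $config = $wsus.GetConfiguration()

    # A replica takes its approvals and computer groups from its upstream server,
    # so approvals made locally before the switch are not what clients will see.
    Write-Host ("Replica: {0}  Upstream: {1}" -f $config.IsReplicaServer, $config.UpstreamWsusServerName)

    foreach ($update in $wsus.SearchUpdates($SearchText)) {
        $approvals = @($update.GetUpdateApprovals())
        if ($approvals.Count -eq 0) {
            # Present in the catalogue but approved for no computer group.
            New-Object PSObject -Property @{
                Title = $update.Title; Declined = $update.IsDeclined
                Action = 'NotApproved'; Group = $null
            }
            continue
        }
        foreach ($approval in $approvals) {
            New-Object PSObject -Property @{
                Title = $update.Title; Declined = $update.IsDeclined
                Action = $approval.Action
                Group  = $approval.GetComputerTargetGroup().Name
            }
        }
    }
}

function Get-ClientWsusTarget {
    # Run on a client PC: shows the WSUS server set by Group Policy, if any.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $au  = Get-ItemProperty -Path "$key\AU" -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
    }
}
```

If the client points at Server B and Server B is a replica, the approval for the matching update has to exist on Server A for a computer group that contains the client.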