Archive

Archive for the ‘FEP Reporting’ Category

Forefront Endpoint Protection 2010 Update Rollup 1

 By Adwait Joshi

Hello,

An Update Rollup for Forefront Endpoint Protection 2010 is now available here: http://go.microsoft.com/fwlink/?LinkId=223229 .

 In addition to hotfixes, this Update also includes some important changes to note:

  1. Support for Windows Embedded 7 platforms:  With this update, the FEP client software is supported on certain Windows Embedded 7 platforms (including Windows Thin PC) and Windows Server 2008 Server Core.  For more information about the additional support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client Computer.
  2. Signature Update Automation Tool used with Configuration Manager Software Update:  This tool automates downloading FEP definition updates using Configuration Manager 2007 Software Updates.  This is a command line tool that uses Configuration Manager APIs to get new definitions from Microsoft Update via the Configuration Manager software update feature, distribute the content to distribution points, and deploy the updates to Endpoint Protection clients on a recurring schedule.  The automation of the tool is done through the Windows task scheduler. To download the tool, see http://go.microsoft.com/fwlink/?LinkID=221205
  3. Two new preconfigured policy templates for the following server workloads:
    1. Microsoft Forefront Threat Management Gateway
    2. Microsoft Lync 2010

You can find more details in the “What’s New” document on the  Technet site.  Please check out this KB article for a full list of fixes included in this Update Rollup.

Thanks,

Adwait Joshi

Sr. Technical Product Manager

Forefront Endpoint Protection

Forefront Endpoint Protection 2010 Update Rollup 1

 By Adwait Joshi

Hello,

An Update Rollup for Forefront Endpoint Protection 2010 is now available here: http://go.microsoft.com/fwlink/?LinkId=223229 .

 In addition to hotfixes, this Update also includes some important changes to note:

  1. Support for Windows Embedded 7 platforms:  With this update, the FEP client software is supported on certain Windows Embedded 7 platforms (including Windows Thin PC) and Windows Server 2008 Server Core.  For more information about the additional support, see Prerequisites for Deploying Forefront Endpoint Protection on a Client Computer.
  2. Signature Update Automation Tool used with Configuration Manager Software Update:  This tool automates downloading FEP definition updates using Configuration Manager 2007 Software Updates.  This is a command line tool that uses Configuration Manager APIs to get new definitions from Microsoft Update via the Configuration Manager software update feature, distribute the content to distribution points, and deploy the updates to Endpoint Protection clients on a recurring schedule.  The automation of the tool is done through the Windows task scheduler. To download the tool, see http://go.microsoft.com/fwlink/?LinkID=221205
  3. Two new preconfigured policy templates for the following server workloads:
    1. Microsoft Forefront Threat Management Gateway
    2. Microsoft Lync 2010

You can find more details in the “What’s New” document on the  Technet site.  Please check out this KB article for a full list of fixes included in this Update Rollup.

Thanks,

Adwait Joshi

Sr. Technical Product Manager

Forefront Endpoint Protection

Reporting Workbooks

February 4th, 2011 Comments off

Hello!

A while back we posted a reporting workbook for the Forefront Endpoint Protection Security Management Pack. This workbook allows you to connect to your FEP Security Management Pack database and create custom reports based on the data contained within the database.

We have a new addition to this – a workbook you can use to create custom FEP reports. This new workbook works in much the same way as the one previously released. You must first connect the workbook to your FEP database, and then you can use the worksheets to generate custom reports based on the data contained within the database.

In order to make it easier for you to find both workbooks, I’ve attached a zip file that contains both of them to this blog article (if you already downloaded the one for the FEP Security Management Pack, it has not changed). Each workbook has instructions on the first worksheet on how to connect it to your database.

Enjoy!

Changing the FEP2010 Reporting Account

January 28th, 2011 Comments off

The FEP2010 Reporting account is defined during the FEP server setup, with the installation of the Reporting role to be exact.
The account is used by SQL Reporting Services (SRS) to access the FEP data source used by reporting. Incorrect credentials may result in an error as below or similar:

image

This post is to provide you with the steps needed to change the reporting account in the occasion you have a need to do so.

Note: all below steps must be executed with an administrator account.

Access to the FEP database used by reporting

These steps must be executed on the SQL Server hosting the data warehouse database (FEPDW_XXX, where XXX is your Configuration Manager site code).

  1. Open SQL Management Studio and select Database engine from the Server type list. Enter or browse the SQL Server name hosting the reporting database.
  2. Under the Security container in SQL Management Studio, right-click Logins and then click New Login.
  3. Enter the login name (including domain) for your new reporting account.
  4. On the left-hand side in the Page selection area, select User Mappings.
  5. On the right-hand side, select the FEPDW_XXX database.
  6. In the Database role membership area below, check AN_ReaderRole and then click OK.

Access to the OLAP cube

These steps must be executed on the SQL server hosting the data warehouse database (FEPDW_XXX, where XXX is your Configuration Manager site code).

  1. In SQL Management Studio, select Connect Object Explorer from the File menu.
  2. In the Connect to Server window, select Analysis Services from the Server type list.
  3. Expand the FEPDW_XXX database and the Roles container.
  4. Right-click the ReportsUserReadRole and click Properties.
  5. Click the Membership page on the right-hand side.
  6. Add your new reporting account if it is not listed on the right-hand pane by clicking the Add button.
  7. Remove the old reporting account from the list.

Change the account on the Reporting server

These steps can be executed from any system. XXX is your Configuration Manager site code.

  1. Open http://<reportserver>/reports (replace <reportserver> with the name of the report server).
  2. Click the Forefront Endpoint Protection_XXX link.
  3. Click the Show Details button in the top right.
  4. Click the DataSources link.
  5. Click the DefaultDataSource link
  6. Enter the credentials of the new reporting account and click Apply.

Update the reporting account in the registry

These steps must be executed on the server hosting the FEP2010 Reporting role.

  1. Open the registry editor on the reporting server.
  2. Navigate to HKLM\Software\Microsoft\Microsoft Forefront\Forefront Endpoint Protection 2010\Server
  3. Double-click REPORTUSER and enter the new reporting account (in the format domain\username).
  4. Close the registry editor.

Kurt Sarens, Senior Support Engineer