Archive

Archive for the ‘WSUS’ Category

WSUS administration best practices recommended to ease Forefront Endpoint Protection (and Client Security) deployment (en-US)

April 4th, 2012 No comments

InfoButtonHere’s a cool article I found while going through what was new over on our community-driven TechNet Wiki. This one discusses some best practices for WSUS that should ease Microsoft  Forefront Endpoint Protection and Client Security deployments. And as with all of the Wiki articles, if you have some tips of your own please feel free to add them in.

Forefront Client Security and Endpoint Protection both use WSUS infrastructure in different ways. This, unless your Forefront update policy uses a network share to deploy the updates. The goal of this article is not to explain the relationship between Forefront and WSUS in details, but to provide best practices regarding WSUS management and administration, that will surely ease FCS/FEP deployment, and even avoid certain issues (eg: updating failures).

The key point to remember is that FCS and FEP may really rely a lot on the WUA’s (Windows Updates Agent) health and performance, on the client computers. Below are a few points, role-based: clients, and Server-based (mostly WSUS), that are known to ease Forefront deployment and updating…

You can continue reading the rest of the article here:

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Categories: Best-Practices, FEP, TechNet Wiki, WSUS Tags:

FCS – Upcoming solution for installation issues with March 2011 Update

March 31st, 2011 Comments off

We have been working hard on a solution for customers that encountered issues with our update in March. I wanted to let you know what we are planning to address this.

We are authoring a package that is specifically designed to find systems that have a failed upgrade to our March update. To do this, we will be pushing a package from Microsoft Update that looks for several specific conditions:

  1. The SSA package from Forefront Client Security to be present.

  2. Several Antimalware registry keys are present, even though Antimalware software had been removed due to an upgrade.

  3. You are running Vista or higher OS (including Server OS like Windows Server 2008)

If all of these items are true, then we will reinstall the update package and return the system to normal.

If a system fails any one of these conditions, we aren’t going to install. The first case is a safe check because only FCSv1 customers have this particular package. The second one is equally important, because if a admin has actually intentionally removed FCSv1, the Antimwalware keys we are looking for would no longer exist. The third obviously focuses the package on machines that it applies to.

We are planning to release this package on 4/5. Our intention is to make this available and visible before the upcoming patch Tuesday window so administrators and users can choose to deploy it ahead of any other updates pending the following Tuesday. WSUS admins will be able to find this package by its KB number 2524280.

Please note that this package is intended to fix only a very specific case of an upgrade failure. There are many technical reasons that a package may fail to upgrade that we cannot address in this manner. Examples include a damaged registry, Windows installer repository issues or binaries being held by external processes beyond our control. If you need additional assistance please contact your support professional or visit http://support.microsoft.com/ph/12632 .

Forefront Client Security Engineering team

Categories: FCS, FCS Support, Forefront, KB, known issue, WSUS Tags: