Microsoft Forefront Client Security: Strategic Deployment
Presented by: Bob Phillips, Jeff Coyne
What is Forefront?
• Microsoft's anti-virus and anti-malware solution
• Purchased by Microsoft from Sybari Software Inc. in June 2005
Why Forefront?
• Cost: McAfee license vs. Microsoft Enterprise CAL
  • The Enterprise CAL also covers Office Communications Server, SharePoint, and other software
• Performance
  • Caught more malware and viruses than McAfee, including the Conficker/Downadup worm
• Integration with Active Directory
  • Controlled through Group Policy Objects (GPOs) and WSUS
Project Goals and Details
• Lower cost of virus scanning software
• Improved detection of malware
• Project completion within 30 days
• Project scope: 9,700 desktops and 400 servers
Our Environment
• Physically separate campuses
• Academic and hospital
• College computing structure
• Server operating systems
• Desktop operating systems
Topology
• Server roles
  • Management
  • Collection
  • Reporting
  • Distribution (WSUS)
  • Database
Management Server
• Central point of access for reporting and configuration
• Publishes GPOs for client configuration
• Controls configuration and integration settings for the pod
Collection Server
• MOM 2005 collection server
• Collects events from all machines
• Controls MOM agent configuration
• Database pruning and cleanup
Reporting Server
• SQL Reporting Services
• Out-of-box reports for:
  • Malware
  • Computers
  • Alerts
  • Deployment stats
  • Security stats
Distribution Server (WSUS)
• Windows Server Update Services (WSUS) 3.0 SP1
• Configured to synchronize and automatically approve Forefront updates
• Scheduled to synchronize 24 times a day (hourly), so new definitions reach clients within the hour
• Microsoft tool available to synchronize only Forefront updates
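As an added example (not the presenters' configuration and not the Microsoft tool the slide mentions), the PowerShell below sets the two Distribution Server options described above through the WSUS 3.0 administration API that installs with the WSUS console: hourly synchronization limited to the Forefront product, and an approval rule that auto-approves whatever that synchronization brings in. Run it on the WSUS server as a WSUS administrator. The product and classification titles it matches are assumptions to check against `$wsus.GetUpdateCategories()` and `$wsus.GetUpdateClassifications()` once an initial synchronization has populated the catalog; the rule name is constructed.

```powershell
# Added example, not the presenters' script. Assumes it runs on the WSUS 3.0 SP1 server
# with the console (and therefore the admin assembly) installed, after one initial sync.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# Restrict synchronization to the Forefront Client Security product. The product only
# appears in the category list after the first synchronization has run.
$forefront = $wsus.GetUpdateCategories() | Where-Object { $_.Title -like '*Forefront Client Security*' }
if (-not $forefront) { throw 'Forefront Client Security not in the catalog yet; run an initial synchronization first' }

$categories = New-Object Microsoft.UpdateServices.Administration.UpdateCategoryCollection
foreach ($cat in $forefront) { [void]$categories.Add($cat) }

# Classification titles are an assumption: definitions arrive as "Definition Updates",
# engine/client updates as "Updates". Adjust after inspecting GetUpdateClassifications().
$classifications = New-Object Microsoft.UpdateServices.Administration.UpdateClassificationCollection
$wsus.GetUpdateClassifications() |
    Where-Object { $_.Title -eq 'Definition Updates' -or $_.Title -eq 'Updates' } |
    ForEach-Object { [void]$classifications.Add($_) }

# Synchronize automatically, 24 times a day (the maximum WSUS 3.0 allows), starting at 00:15.
$sub = $wsus.GetSubscription()
$sub.SetUpdateCategories($categories)
$sub.SetUpdateClassifications($classifications)
$sub.SynchronizeAutomatically = $true
$sub.SynchronizeAutomaticallyTimeOfDay = New-TimeSpan -Hours 0 -Minutes 15
$sub.NumberOfSynchronizationsPerDay = 24
$sub.Save()

# Auto-approve the synchronized updates for every client group, so new definitions install
# on the next detection cycle without waiting for an administrator. Reuse the rule if it exists.
$groups = New-Object Microsoft.UpdateServices.Administration.ComputerTargetGroupCollection
$wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq 'All Computers' } |
    ForEach-Object { [void]$groups.Add($_) }

$ruleName = 'Forefront Client Security auto-approve'   # constructed name
$rule = $wsus.GetInstallApprovalRules() | Where-Object { $_.Name -eq $ruleName }
if (-not $rule) { $rule = $wsus.CreateInstallApprovalRule($ruleName) }
$rule.SetCategories($categories)
$rule.SetUpdateClassifications($classifications)
$rule.SetComputerTargetGroups($groups)
$rule.Enabled = $true
$rule.Save()

# Verify against what the console's Options pages show.
'Syncs per day: {0}; rule "{1}" enabled: {2}' -f $sub.NumberOfSynchronizationsPerDay, $rule.Name, $rule.Enabled
```

Approving for All Computers is what makes an hourly synchronization useful; with manual approval the clients would still wait on an administrator. If the targeted-deployment groups described later in the deck are in use, replace the All Computers lookup with those group names so the rule only touches the machines that already run the client.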
Database Server
• SQL Server 2005 Enterprise
• Clustered for redundancy
• Databases split between the clustered virtual SQL instances
Preparing for Forefront
• Group Policy Object(s) published from the Management Server
  • Recommended to publish Forefront GPOs only from the Management Server
• During install, the client must have valid Collection Server information in the registry
• WSUS server(s) synchronized with Forefront Client Security updates, and WSUS groups created
  • Allows definition and engine updates to install immediately
• SMS groups and packages created
Server Considerations
• Exchange Server 2007, SharePoint Server, and Office Communications Server
  • Protected by separate Forefront products, not Forefront Client Security
• Prerequisites
  • Windows 2000 Server Service Pack 4 with Update Rollup 1
  • Windows Server 2003 Service Pack 1
• Supports clustering
Exclusions
• Script to enumerate the existing exclusions from McAfee
  • Data taken from ePO (ePolicy Orchestrator)
• Forefront GPOs
  • Unable to add process exclusions
• Forefront interface
• Registry hacks
Client Deployment Strategies
• SMS
  • Preferred solution for servers
• Manual script
• GPO
• WSUS
  • Preferred solution for desktops
• Manually
• Home use
Client Deployment Strategies: SMS
• Advantages
  • No user intervention required
  • Reporting of failed computers
  • Controlled mass deployments
  • Combined removal of McAfee
• Disadvantages
  • Significant time investment
  • All clients must have the SMS agent installed
  • Permissions-based failure issues
Client Deployment Strategies: WSUS
• Advantages
  • No user intervention
  • Controlled mass deployments
  • Simple to set up and use
  • Reporting of failed computers
• Disadvantages
  • Client pull instead of a push
  • Multiple issues with machines not contacting the WSUS server
  • Does not uninstall McAfee
Client Deployment Strategies: Manual Script
• Advantages
  • Immediate success or failure known
  • Combined removal of McAfee
• Disadvantages
  • Significant time investment required
  • Slow
  • Inefficient
Client Deployment Strategies: Non-Domain Machines
• Created a registry hack to mimic the Group Policy settings
  • All Forefront settings are located under HKLM\Software\Policies\Microsoft\Microsoft Forefront
• Ran the manual script or installed manually
Client Deployment Strategies: Home Use
• Computer must be pointed to Microsoft Update instead of Windows Update
  • http://update.microsoft.com/microsoftupdate/
• Run setup with the /nomom switch
  • Removes the need for a Collection Server
• Created a package with an .hta file
Issues Encountered
• WSUS SusID duplication
  • Caused by Ghost images deployed without sysprep, so every clone reports the same client ID
  • Solved by removing the registry entry (GPO and manual methods)
• McAfee removal
  • Stubborn or "hidden" machines
  • Solved with ePO or alternative McAfee removal methods
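The SusID duplication above is the classic symptom of cloning a reference image without sysprep: every clone carries the same WSUS client identifier, the server treats them as one computer, and reporting and targeting silently break. The PowerShell below is an added example, not the presenters' script. It first finds machines that share an identifier by reading the value over the remote registry, then resets it on an affected machine with the documented steps (stop the update service, delete the ID values, restart, force re-registration). The slide names only a "registry entry"; taking that to be the SusClientId value and its SusClientIdValidation companion under the WindowsUpdate key is an assumption, and the host names are constructed.

```powershell
# Added example, not the presenters' script. Assumes the Remote Registry service is
# reachable on the targets and that the slide's "registry entry" is the SusClientId
# value Microsoft documents for cloned WSUS clients.
$wuKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-SusClientId {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # Read the identifier over the remote registry; needs admin rights on the target.
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        $key = $base.OpenSubKey($wuKey)
        if ($key -eq $null) { return $null }
        try { return $key.GetValue('SusClientId') } finally { $key.Close() }
    } finally { $base.Close() }
}

function Find-DuplicateSusClientId {
    param([string[]]$ComputerName)
    $byId = @{}
    foreach ($c in $ComputerName) {
        try { $id = Get-SusClientId -ComputerName $c }
        catch { Write-Warning ('{0}: {1}' -f $c, $_.Exception.Message); continue }
        if (-not $id) { continue }                          # never checked in with WSUS yet
        if (-not $byId.ContainsKey($id)) { $byId[$id] = @() }
        $byId[$id] += $c
    }
    # Only identifiers shared by more than one machine are a problem.
    $byId.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 }
}

function Reset-SusClientId {
    # Run on each duplicate (locally, through SMS, or a remote shell). WSUS hands out a
    # fresh identifier when the client next reports in.
    Stop-Service -Name wuauserv
    foreach ($name in 'SusClientId', 'SusClientIdValidation') {
        Remove-ItemProperty -Path "HKLM:\$wuKey" -Name $name -ErrorAction SilentlyContinue
    }
    Start-Service -Name wuauserv
    & wuauclt.exe /resetauthorization /detectnow
}

# Usage: feed the members of a WSUS target group or an OU. These host names are constructed.
Find-DuplicateSusClientId -ComputerName 'lab-pc01', 'lab-pc02', 'lab-pc03' |
    ForEach-Object { 'SusClientId {0} is shared by: {1}' -f $_.Key, ($_.Value -join ', ') }
```

Because the identifier is only regenerated after the service restarts and re-registers, the reset belongs in the imaging process (or a first-boot startup script) rather than in a cleanup run later; once the duplicates have reported under the old ID the WSUS console will keep showing one merged computer until each clone has checked in again.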
Issues Encountered (cont.)
• Non-domain machines
  • Registry hack to reproduce the effect of the GPOs
  • Tricked the machines into thinking a GPO had been applied
• Need for targeted WSUS deployment
  • Created a new WSUS group and GPO
  • Allowed desktop support staff to assign Forefront deployments to a single OU
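For the non-domain machines described on this slide and the earlier deployment slide, the effect of the GPO can be reproduced by writing the same values the GPO writes under the policy root the deck names, HKLM\Software\Policies\Microsoft\Microsoft Forefront. The PowerShell below is an added example, not the presenters' script: it exports that tree from a domain-joined reference machine that has already received the GPO, imports it on the standalone machine, and lists what landed so it can be compared with the GPO report. The export file path is constructed. One caveat the slides do not state: domain machines also get their WSUS server from policy, under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, so a standalone machine that should patch from campus WSUS needs that key handled the same way.

```powershell
# Added example, not the presenters' script. The policy root is the one the slides name;
# the export file location is constructed for the example.
$regKey  = 'HKLM\SOFTWARE\Policies\Microsoft\Microsoft Forefront'    # reg.exe syntax
$psKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Forefront'   # PowerShell provider syntax
$regFile = 'C:\Deploy\forefront-policy.reg'

# Step 1, on a domain-joined machine that has the Forefront GPO applied: export the whole
# tree the GPO wrote. Run gpupdate /force first if the machine has not refreshed recently.
function Export-ForefrontPolicy {
    param([string]$Path = $regFile)
    if (-not (Test-Path $psKey)) { throw 'no Forefront policy on this machine; apply the GPO first' }
    if (Test-Path $Path) { Remove-Item $Path }          # reg export will not overwrite silently
    & reg.exe export $regKey $Path | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    Get-Item $Path
}

# Step 2, on the non-domain machine as a local administrator: import the tree before
# running the client setup, so the client starts with the Collection Server and scan
# settings the GPO would have supplied.
function Import-ForefrontPolicy {
    param([string]$Path = $regFile)
    if (-not (Test-Path $Path)) { throw "policy file not found: $Path" }
    & reg.exe import $Path | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }
    Test-Path $psKey                                    # $true once the policy root exists
}

# Step 3: list every value now under the policy root for comparison with the GPO report.
function Show-ForefrontPolicy {
    $keys = @(Get-Item $psKey) + @(Get-ChildItem $psKey -Recurse)
    foreach ($k in $keys) {
        foreach ($v in $k.GetValueNames()) {
            New-Object PSObject -Property @{ Key = $k.Name; Name = $v; Data = $k.GetValue($v) }
        }
    }
}

# Usage on the reference machine:      Export-ForefrontPolicy
# Usage on the standalone machine:     Import-ForefrontPolicy; Show-ForefrontPolicy | Format-Table -AutoSize
```

Treat the exported .reg file as you would the GPO itself: it carries the exclusions and scan settings, so anyone who can modify it on the distribution share can weaken the client on every machine it is imported to. Values written this way are also not refreshed the way a real GPO is, so a later policy change needs a fresh export and re-import, and if the machine is ever joined to the domain, Group Policy will overwrite the tree on its next refresh.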
Issues Encountered (cont.)
• SMS deployment failures for servers
  • Solved by pre-populating the software on the machines
  • Special detection rules for 64-bit
  • Use fully qualified names for the package source
• Vendor machines and Novell servers
  • Unable to install Forefront; kept McAfee on until the vendor okays it or the machines are retired
Issues Encountered (cont.)
• Too many resources used during scans
  • Created multiple Forefront GPOs
  • Allowed us to set separate scan schedules
  • Dual-core machines appear to be unaffected
  • Still researching and determining the exact cause
Benefits of Solution
• System State Assessment monitoring
  • Uncovered dormant problems with SMS and WSUS
    • Duplicate SusIDs, corrupt installations, intermittent network issues
  • Uncovered rogue GPOs
    • Machines pointing to redundant or outdated WSUS servers
Benefits of Solution (cont.)
• Reporting console
  • Missing patches
  • GPO deployment issues
  • Malware and virus issues
  • Connectivity
  • Information per computer, group, and enterprise
• Integrated computer management
  • Control through GPOs
  • Deployment through WSUS
Forefront Reports
• Deployment Summary
• Computers History
• Connectivity Summary
What We Would Have Done Differently
• More time
  • The solution was implemented within one month
• Better enumeration of the exclusions in McAfee
  • Script a solution to enumerate the registry entries
• Build customized reports before deployment
• Physical vs. virtual servers
• Force WSUS as the main deployment method
  • Most efficient method for desktop machines
Plans for the Future
• Separate pods for campuses
• Microsoft "Stirling"
• Macintosh clients
Thank You for Your Time
Q & A