Microsoft Forefront Client Security Strategic Deployment - PowerPoint PPT Presentation

Presentation Transcript

  1. Microsoft Forefront Client Security Strategic Deployment Presented by: Bob Phillips Jeff Coyne

  2. What is Forefront? • Microsoft’s Anti-Virus, Anti-Malware Solution • Purchased by Microsoft from Sybari Software Inc. in June 2005

  3. Why Forefront? • Cost – McAfee License vs. Microsoft Enterprise CAL • Also includes Office Communications Services, SharePoint, and other software • Performance • Caught more malware and viruses than McAfee, including the Conficker/Downadup problem • Integration with Active Directory • Controlled by Group Policy Objects (GPOs) and WSUS

  4. Project Goals and Details • Lower Cost of Virus Scanning Software • Improved Detection of Malware • Project Completion within 30 Days • Project Scope 9700 Desktops and 400 Servers

  5. Our Environment • Physically Separate Campuses • Academic and Hospital • College Computing Structure • Server Operating Systems • Desktop Operating Systems

  6. Topology • Server roles • Management • Collection • Reporting • Distribution (WSUS) • Database

  7. Management Server • Central Point to Access Reporting and Configuration • Publish GPOs for Client Configuration • Control Configuration and Integration Settings for the Pod

  8. Collection Server • MOM 2005 Collection Server • Collects Events from All Machines • Controls MOM Agent Configuration • Database Pruning and Cleanup

  9. Reporting Server • SQL Reporting Services • Out of Box Reports for: • Malware • Computer • Alerts • Deployment Stats • Security Stats

  10. Distribution Server (WSUS) • Windows Server Update Services (WSUS) 3.0 SP1 • Configured to Synchronize and Automatically Approve Forefront Updates • Scheduled to Synchronize 24 Times a Day • Microsoft tool available to synchronize only Forefront Updates

  11. Database Server • SQL 2005 Enterprise • Clustered for Redundancy • Split Databases between Clustered Virtuals

  12. Preparing for Forefront • Group Policy Object(s) Published from the Management Server • Recommended to only publish Forefront GPOs from the Management Server • During install, client must have valid Collection Server information in the registry • WSUS Server(s) with Forefront Client Security Synchronized and WSUS Groups Created • Allows immediate installation of definitions and updates • SMS Groups and Packages Created

  13. Server Considerations • Exchange Server 2007, SharePoint Server, and Office Communications Server • Separate Forefront products • Prerequisites • Windows Server 2000 Service Pack 4 with Rollup 1 • Windows Server 2003 Service Pack 1 • Supports Clustering

  14. Exclusions • Script to Enumerate Exclusions from McAfee • Data from EPO • Forefront GPOs • Unable to add processes • Forefront Interface • Reg Hacks

  15. Exclusions (Example)

  16. Exclusions (Example)

  17. Client Deployment Strategies • SMS • Preferred solution for servers • Manual Script • GPO • WSUS • Preferred solutions for desktops • Manually • Home Use

  18. Client Deployment Strategies – SMS • Advantages: • No user intervention required • Reporting of failed computers • Controlled mass deployments • Combined removal of McAfee • Disadvantages: • Significant time investment • All clients must have SMS agent installed • Permissions-based failure issues

  19. Client Deployment Strategies – WSUS • Advantages: • No user intervention • Controlled mass deployments • Simple to set up and use • Reporting of failed computers • Disadvantages: • Client pull instead of a push • Multiple issues with machines not contacting the WSUS server • Does not uninstall McAfee

  20. Client Deployment Strategies – Manual Script • Advantages: • Immediate success or failure known • Combined removal of McAfee • Disadvantages: • Significant time investment required • Slow • Inefficient

  21. Client Deployment Strategies – Non-Domain Machines • Created Registry Hack to Mimic Group Policy Settings • All Forefront settings are located at HKLM/Software/Policies/Microsoft/Microsoft Forefront • Ran Manual Script or Manually Installed

  22. Client Deployment Strategies – Home Use • Computer Must be Pointed to Microsoft Update Instead of Windows Update • Run Setup with /nomom Switch • Prevents need for Collection Server • Created Package with an .hta file
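The home-use bootstrap described on this slide, written as an added PowerShell example (not the presenters' .hta package): it opts the machine in to Microsoft Update, then runs the client setup with /nomom so no Collection Server is needed. The installer file name (ClientSetup.exe) and its location are assumptions; the only switch used is the /nomom the slide names.

```powershell
# Added example, not from the presentation. Assumes the Forefront client installer
# is ClientSetup.exe next to this script (file name is an assumption).
param(
    [string]$SetupPath = (Join-Path (Split-Path -Parent $MyInvocation.MyCommand.Path) 'ClientSetup.exe')
)

# Well-known service ID for Microsoft Update (as opposed to plain Windows Update).
# Without this opt-in a home machine never receives Forefront definition updates.
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'

$serviceManager = New-Object -ComObject 'Microsoft.Update.ServiceManager'
# Flags 7 = allow pending registration (1) + allow online registration (2) + register with AU (4)
$null = $serviceManager.AddService2($MicrosoftUpdateId, 7, '')

$registered = $serviceManager.Services | Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
if (-not $registered) {
    throw 'Microsoft Update opt-in failed; definitions would not arrive on this machine.'
}

if (-not (Test-Path $SetupPath)) {
    throw "Installer not found at $SetupPath"
}

# /nomom installs the client without the MOM agent, so no Collection Server is required.
$setup = Start-Process -FilePath $SetupPath -ArgumentList '/nomom' -Wait -PassThru
if ($setup.ExitCode -ne 0) {
    throw "Forefront client setup failed with exit code $($setup.ExitCode)"
}

# Kick off an immediate detection so the first definition update is pulled right away.
(New-Object -ComObject 'Microsoft.Update.AutoUpdate').DetectNow()
Write-Host 'Forefront client installed and Microsoft Update opt-in confirmed.'
```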

  23. Issues Encountered • WSUS SusID Duplication • Caused by non-sysprep’ed Ghosted machines • Solved by removing registry entry • GPO and manual methods • McAfee Removal • Stubborn or “hidden” machines • Solved with EPO or alternative McAfee removal methods
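The SusID duplication fix as an added PowerShell example (not the presenters' own script): Find-DuplicateSusClientId spots image clones that share one WSUS client identity, and Reset-WsusClientId performs the manual registry cleanup the slide describes so the client re-registers with a fresh ID. The inventory passed in is constructed sample data; in practice it would come from SMS hardware inventory or a remote registry query.

```powershell
# Added example, not from the presentation. Registry key and value names are the
# standard Windows Update Agent identity values that WSUS uses to tell clients apart.
$WuKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$IdentityValues = 'SusClientId', 'SusClientIdValidation', 'PingID', 'AccountDomainSid'

function Get-SusClientId {
    # Returns the local client's WSUS identity, or $null if it has not registered yet.
    (Get-ItemProperty -Path $WuKey -ErrorAction SilentlyContinue).SusClientId
}

function Find-DuplicateSusClientId {
    # $Inventory: hashtable of ComputerName -> SusClientId collected across the fleet.
    param([hashtable]$Inventory)
    $Inventory.GetEnumerator() |
        Group-Object -Property Value |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SusClientId = $_.Name
                Computers   = @($_.Group | ForEach-Object { $_.Key })
            }
        }
}

function Reset-WsusClientId {
    # Run as administrator on the affected (cloned) machine.
    $old = Get-SusClientId
    Stop-Service -Name wuauserv -Force
    foreach ($name in $IdentityValues) {
        Remove-ItemProperty -Path $WuKey -Name $name -ErrorAction SilentlyContinue
    }
    Start-Service -Name wuauserv
    # Force the agent to throw away its authorization cookie and re-register with WSUS;
    # a new SusClientId is generated on the next detection cycle.
    & wuauclt.exe /resetauthorization /detectnow
    Write-Host "Removed SusClientId $old; client will re-register with a new ID."
}

# Constructed sample inventory: two ghosted desktops sharing the same ID.
$sample = @{
    'DESK-0101' = 'aaaaaaaa-1111-2222-3333-444444444444'
    'DESK-0102' = 'aaaaaaaa-1111-2222-3333-444444444444'
    'DESK-0103' = 'bbbbbbbb-5555-6666-7777-888888888888'
}
Find-DuplicateSusClientId -Inventory $sample | Format-Table -AutoSize
```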

  24. Issues Encountered (Cont.) • Non-Domain Machines • Registry hack to reproduce effect of GPOs • Tricked machines into thinking a GPO was applied • Need for Targeted WSUS Deployment • Create new WSUS group and GPO • Allowed Desktop Support Staff to assign Forefront deployments to a single OU

  25. Issues Encountered (Cont.) • SMS Deployment Failures for Servers • Solved by pre-populating software on machines • Special detections for 64-bit • Use of fully qualified names for source • Vendor Machines and Novell Servers • Unable to install Forefront, kept McAfee on until vendor okays or machines are retired

  26. Issues Encountered (Cont.) • Too Many Resources Used During Scans • Created multiple Forefront GPOs • Allowed us to set separate scan schedules • Dual Core machines appear to be unaffected • Still researching and determining exact cause

  27. Benefits of Solution • System State Assessment Monitoring • Uncovered Dormant Problems with SMS and WSUS • Duplicate SusID, corrupt installations, intermittent network issues • Uncovered Rogue GPOs • Machines pointing to redundant or outdated WSUS servers

  28. Benefits of Solution (Cont.) • Reporting Console • Missing patches • GPO deployment issues • Malware and Virus issues • Connectivity • Information per computer/group/enterprise • Integrated Computer Management • Control through GPOs • Deployment through WSUS

  29. Forefront Reports

  30. Forefront Reports • Deployment Summary • Computers History • Connectivity Summary

  31. What We Would Have Done Differently • More Time • Solution implemented within one month • Better Enumeration of Exclusions in McAfee • Script out a solution to enumerate registry entries • Build Customized Reports Before Deployment • Physical vs. Virtual Servers • Force WSUS as Main Deployment Method • Most efficient method for desktop machines

  32. Plans for the Future • Separate Pods for Campuses • Microsoft “Stirling” • Macintosh Clients

  33. Thank You For Your Time Q & A