Part 1: Download Installation Files
This blog post will assume that you have installed all Forefront Endpoint Protection roles (Server, GUI, and Reporting) onto one ConfigMgr 2007 Central Site Server for the sake of simplicity. If you need further assistance, refer to the following link for additional guidance: http://technet.microsoft.com/en-us/library/hh211538.aspx
. In order to accomplish the task of installing Forefront Endpoint Protection 2010’s Update Rollup 1, the following two downloads will be required.
Update Rollup 1 Prerequisite patch (KB2554364)
Update Rollup 1 (KB2551095)
Also, there are several handy tools that can be downloaded in order to help streamline your FEP deployment. The tools can be found at the following here
and are explained in more detail in the below table.
The FEP Group Policy tool is used to import settings from FEP policy XML files into a Group Policy Object (GPO) in an Active Directory domain, or into the Local Group Policy object on a Windows computer. The tool can also be used to export FEP settings from a GPO into a FEP policy XML file. The FEP ADMX template is used in conjunction with Group Policy Editor in order to manage FEP antimalware settings with Group Policy.
FEP 2010 Best Practices AnalyzerThe Microsoft Forefront Endpoint Protection 2010 Best Practices Analyzer (BPA) tool scans the System Center Configuration Manager 2007 and Forefront Endpoint Protection (FEP) configuration settings to identify problematic or missing settings that may prevent optimized use of FEP. The tool is based on the Microsoft Baseline Configuration Analyzer (MBCA) 2.0.
These files are FEP policy XML files, each of which has preconfigured optimized settings for particular server roles such as Microsoft SQL Server, Microsoft Exchange, and Active Directory. The settings enable exclusions and change other FEP antimalware settings to minimize the impact of FEP on the designated server workload.The policy files for use with Configuration Manager are designed to be used only in conjunction with the FEP management node in the Configuration Manager console.Do not use the FEP Server Role Policies with the FEP Group Policy tool. If you do, Group Policy merging might result in the intended configuration not being applied. For information about installing and using the FEP Server Role Policies, see FEP Policy Templates in the FEP 2010 TechNet Library.
These files are FEP policy XML files, each of which has preconfigured optimized settings for particular server roles such as Microsoft SQL Server, Microsoft Exchange, and Active Directory. These settings enable exclusions and change other FEP antimalware settings to minimize the impact of FEP on the designated server workload. The policy files for use with Group Policy are designed to be used only in conjunction with the FEP Group Policy tool, and are specifically designed so that Group Policy merging results in the correct Resultant Set of Policy. Each file contains only optimized settings for a particular server; the default settings applicable for all Windows servers are provided in a separate file. These files should not be used with FEP management node in the Configuration Manager console. The policy files do not contain all the settings required by the FEP policy management interface, and might result in error messages when the UI attempts to parse the files.
Definition Update Automation Tool for Forefront Endpoint Protection 2010This tool enables you to automate downloading and publication of FEP definition updates using the Configuration Manager 2007 Software Update feature.This is a command line tool that uses the Configuration Manager API to download new definitions from Microsoft Update, distribute them to the software update point, and publish the definitions to the endpoints. To automate the tool, you must add a Windows task to run it automatically at a scheduled interval.
Part 2: Install the Reporting Prerequisite Patch