Overview: deploying Client Security
Applies To: Forefront Client Security
This topic gives an overview about how to deploy Client Security to your client computers using Automatic Updates and WSUS (your distribution server).
You can also deploy Client Security to the client computers manually. This method is useful if you do not use WSUS for your distribution server or if you want to deploy Client Security to client computers without deploying a policy to those computers. For more information, see Deploying manually to each client computer.
You can also deploy Client Security to client computers that are not part of a trusted domain. For example, you can install Client Security on your employees' home computers. When Client Security is installed on computers outside a trusted domain, however, the functionality is restricted. The computers cannot report to the Client Security server, and you cannot deploy Client Security policies to those computers. For more information about those restrictions, and for detailed steps about how to deploy Client Security to a home-based computer, see Protecting home computers.
Important
If you are using WSUS as your distribution server, any computer with a Client Security policy deployed to it will automatically receive the client components for Client Security.
| Computer | Task | Steps |
|---|---|---|
All computers |
Verify your hardware and software requirements. |
Before deploying Client Security to your client computers, you must make sure those computers meet the hardware and software requirements. In some cases, you might need to deploy computer updates before deploying Client Security. For more information, see Verifying your system requirements. |
Prepare your network for deployment. |
If firewalls exist between your collection server and your client computers, network ports might need to be opened. Client computers must be part of a set of trusted domains that are in the same forest. It is recommended that the client computers be part of organizational units or security groups. Verify that you have the appropriate permissions for creating and deploying policies. For more information, see Preparing your network for deployment. |
|
Distribution server |
Approve the client components in WSUS. |
Before deploying Client Security, you must approve the client components for Client Security in WSUS. On the distribution server, open the WSUS console. On the Updates page, select Client Update for Microsoft Forefront Client Security, and then click Approve for installation. For detailed instructions, see Approving the client components in WSUS. |
Management server |
Configure Automatic Updates. |
You must configure Automatic Updates so that the client computers download Client Security updates from your distribution server. To do so, you can edit and deploy a policy in Group Policy Management Console (GPMC). In addition to configuring your client computers, you must configure Automatic Updates on your management server. For detailed instructions, see Configuring automatic updates. |
Client computers |
Disable or uninstall other antivirus or antispyware protection. |
Before deploying Client Security to your client computers, it is highly recommended that you uninstall or disable other antivirus or antispyware protection on those computers. To disable or uninstall your antivirus or antispyware software, follow the software documentation. |
Management server |
Deploy Client Security to the client computers. |
To deploy Client Security to the client computers, you need to deploy a Client Security policy to those computers. All computers with a policy will automatically receive the client components for Client Security. To deploy a policy, on the management server, open the Client Security console and create and deploy a policy. For detailed instructions, see Deploying Client Security to the client computers. |
Verify Client Security deployment. |
When you have installed and configured Client Security, deployed policies, and deployed the client computers, setup is complete. After completing setup, you can view reports to verify that Client Security is performing correctly. For detailed instructions, see Verifying your Client Security deployment. |