Deploying the Client Software by Using Disk Images

  • Article

Applies To: Forefront Endpoint Protection

You can install the FEP client software on a computer that you intend to use as the imaging source. This computer is typically called the reference computer. After you create the image of the operating system, you can then use the image to deploy your enterprise software, including FEP, to your client computers.

Prerequisites

The following list contains both the required and optional prerequisites for installing the FEP client software on a reference computer.

  • Because the final steps in preparation of the reference computer involve deleting certain registry keys, perform these steps as the last steps before you create the image. Failure to do so can cause deleted registry keys to be recreated as a result of automatic definition updates or as a result of a scan.

  • You must have access to the FEP client installation package. For more information about the FEP client installation package, see Deploying the Client Software by Using the Command Prompt.

  • To ensure the FEP client software is deployed with the configuration that is required in your organization, create a FEP policy, and then export that policy. For information about how to export FEP policies, see Exporting a Policy.

    Note

    The Default Server Policy and the Default Desktop Policy cannot be exported.

  • To deploy your image with FEP definitions that are up-to-date as of the image creation, you must download the latest definitions from the Microsoft Malware Protection Center (https://go.microsoft.com/fwlink/?LinkID=200965).

To install the FEP client software on a computer prior to imaging

  1. Copy FEPInstall.exe to the computer on which you want to install the FEP client software.

  2. If you are installing the FEP client software with a preconfigured policy, copy the exported policy file to the client computer.

  3. On the client computer, open an elevated command prompt, navigate to the folder which contains the FEPInstall.exe file, and type one of the following commands:

    • If you are installing the FEP client software without a preconfigured policy file, at the command prompt, type the following command, and then press ENTER:

      FEPInstall.exe

    • If you are installing the FEP client software with a preconfigured policy file, at the command prompt, type the following command, and then press ENTER:

      FEPInstall.exe /policypolicyfile

      Where policyfile is the name of the exported policy .xml file, including the full path to the file.

  4. If you downloaded the latest definition package, copy the package to the client computer, and then double-click the definition package to install it.

    Note

    After the FEP client software installation is completed, the client automatically performs a definition update check. If this update check succeeds, you do not have to manually install the latest definition package.

After you install the FEP client software on your reference computer, verify that the FEP client software is working correctly.

To verify the FEP client software installation

  1. On the reference computer, click Start, point to All Programs, click Microsoft Forefront, and then click Microsoft Forefront Endpoint Protection.

  2. On the Home page, verify that On is displayed next to Real-time protection.

  3. On the Home page, verify that Up to date is displayed next to Virus and spyware definitions.

  4. To help ensure that your reference computer is ready for imaging, under Scan options, select Full, and then click Scan now.

After you verify the FEP client software installation on the reference computer, you can prepare the computer for imaging. Perform the steps that your particular computer imaging software requires, and include the following steps to prepare the FEP client software for imaging.

To prepare the FEP client software for imaging

  1. On the reference computer, log on as a user that has administrative privileges.

  2. Download the PsTools from the Windows SysInternals TechNet download area (https://go.microsoft.com/fwlink/?LinkId=215263).

  3. When the download is completed, expand the compressed file to a folder.

  4. Open an elevated command prompt, navigate to the folder in which you expanded the PsTools file, type the following command, and then press ENTER.

    Psexec.exe –s –i regedit.exe

    Warning

    Use caution while you are running the Registry Editor in this manner; the –s option in PsExec.exe runs the Registry Editor with LocalSystem privileges.

  5. In the Registry Editor, navigate to each of the following registry keys and delete them.

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\InstallTime

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastScanRun

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastScanType

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastQuickScanID

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan\LastFullScanID

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT\GUID

    Important

    You must delete the registry keys as the last step before imaging the reference computer. The registry keys are recreated when the FEP client software starts, so if you restart the reference computer, you must delete the registry keys again.

After you complete the preceding steps, you can use the system preparation tool Sysprep to prepare the reference computer for image capture. For more information about Sysprep, see What is Sysprep? (https://go.microsoft.com/fwlink/?LinkId=215266) in the Windows 7 TechNet library.

When an image that contains the FEP client software is deployed, the FEP client software automatically reports information to the FEP server, and policy applicable to the client computer is downloaded and applied.