Skip to main content

Forefront Stirling Policies : Feature of the Week 

Posted By:  David Tesar 
Publish Date: 9/11/2008

Even in Beta 1 of Forefront Stirling you can check out the security policy capabilities the product has.  I know what you’re thinking – “whoopee, more policies”, but what you can do with the policies in Stirling are quite impressive.

What can you do with Stirling policies?

For each policy, you can easily specify granular compliance settings for Forefront Client Security (FCS), Forefront Server for Exchange (FSE), and various other security state assessments AND specify granular automated actions to be taken to remediate - all from a single console.  Some ideas for what you might do with Stirling policies:

  • If a client doesn’t have the correct firewall or latest anti-malware updates, remediate this using NAP.
  • Scan email using two engines and when a virus is found to be sent via email, clean the virus and initiate a full client virus and anti-malware scan using FCS
  • Audit to verify your IIS 6/7 and SQL 2005 servers have appropriate security settings enabled
  • If a client is doing a port scan or quickly sending a large number of emails, quarantine their computer using NAP, block their outbound internet access through TMG, scan their email for viruses with FSE, and do a full virus scan with FCS

In updates past Beta 1, you can eventually expect even more capabilities and integration with other Forefront products.

How does it work?

There are two major components – the policy and the target group.  The policy contains all of the settings you are checking for and/or the remediation steps.  The target group can be a user, group, computer, OU, or domain.  A policy can be bound to one or more target groups and precedence can be set to determine priority if there are conflicts in policy settings.  Under the hood, you have Enterprise Security Assessment Sharing (ESAS) and SCCM doing the majority of the communication work related to the policies – which I’ll cover in more depth in future posts.

What’s the catch?

In order to get this functionality working, you’ll need to have the core Stirling infrastructure in place and then utilize the vNext for FCS and FSE installed (if you create policies related to these settings).  Also, for the NAP functionality to work – you’re going to need to set up a NAP infrastructure separately.

Forefront Stirling Homepage

[update] Schedule and Strategy Update for Forefront "Stirling" and Endpoint Protection

Find out more about the new approach to align with customer client infrastructure management that will help simplify deployment and reduce costs.