Installing Forefront TMG Client software

  • Article

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes how to distribute and install the Forefront TMG Client software on client computers residing in networks that are protected by Forefront TMG. The Forefront TMG Client software includes the Windows Installer ms_fwc.msi file and is available on the Forefront TMG DVD, in both Standard and Enterprise Editions. Forefront TMG Client installation on 32 and 64-bit operating systems is supported.

The following sections describe:

  • Enabling Forefront TMG Client support

  • Distributing Forefront TMG Client to client computers

  • Running a unattended installation of ms_fwc.msi

Enabling Forefront TMG Client support

Before installing the Forefront TMG Client software, you must enable Forefront TMG Client support on the Forefront TMG server, as follows:

  1. In the Forefront TMG Management console, click Networking.

  2. On the details pane, click the Networks tab.

  3. Right-click the required network, and then click Properties.

  4. On the Forefront TMG Client tab, select Enable Forefront TMG Client support for this network.

Distributing Forefront TMG Client to client computers

You can use the following distribution methods to centrally deploy the Forefront TMG Client software to client computers in the network:

  • Logon script—A logon script checks if the computer has the Forefront TMG Client software installed. If it is not installed, the logon script installs the software from a network share. The logged on user must be a member of the Administrators group on the computer.

  • Group Policy—Use the group Policy option to install the Forefront TMG Client software per user (that is, when a user logs on), or per computer. 

  • Microsoft System Center Configuration Manager 2007—Use the System Center Configuration Manager to ensure that the Forefront TMG Client software is installed on the relevant computers in your organization. For more information, see System Center Configuration Manager 2007 (https://go.microsoft.com/fwlink/?LinkId=69032).

Running a unattended installation of ms_fwc.msi

This procedure describes how to run an unattended installation of the Windows Installer file which installs the Forefront TMG Client software.

To run an unattended installation of ms_fwc.msi

  1. At the command prompt, type the following: msiexec /i ms_fwc.msi <SERVER_NAME_OR_IP=tmgserver> <ENABLE_AUTO_DETECT=0> <REFRESH_WEB_PROXY=0> /qb /L*v c:\fwc_inst.log.

The following parameters are used in the commands:

  • Path—The location of the Forefront TMG Client installation file. You must specify a value.

  • SERVER_NAME_OR_IP=tmgserver—Name or IP address of the Forefront TMG computer to which the client computer should connect.

  • ENABLE_AUTO_DETECT—Specify a value of 1 to indicate that the Forefront TMG Client computer should automatically detect the Forefront TMG computer to which it should connect. A value of 0 indicates that automatic detection is not enabled on the client.

  • REFRESH_WEB_PROXY—Specify a value of 1 to indicate that the Forefront TMG Client configuration should be updated with the Web proxy configuration settings specified in Forefront TMG Management. A value of 0 indicates that the client is not updated.

The command options are as follows:

  • /Q and /qb—Indicate an unattended installation. The /qb option provides a small progress dialog box. Alternatively, you can specify /qn, which provides no progress indicator.

  • /L*v c:\fwc_inst.log—Generates an installation log that may be useful for troubleshooting.

The following Windows Installer options may be useful:

For more information, see Command-Line Options (https://go.microsoft.com/fwlink/?LinkId=92823) and Command-Line Switches for the Microsoft Windows Installer Tool (https://go.microsoft.com/fwlink/?LinkId=92824).

Concepts

About firewall client computers
Deploying Forefront TMG Client