Wednesday 20 April 2011

Updating FCS and FEP2010 without WSUS

Both FCS and FEP2010 can get updates directly from Microsoft, but their behaviour is different enough to cause confusion.

For an FCS client to update from Microsoft you need to opt the machine into Microsoft Update. Just turning Windows Update on is not enough. Unfortunately FCS gives no indication that anything is wrong; it just reports that there are no updates available. Once you've opted in to Microsoft Update everything is fine.

A FEP2010 client can update from Microsoft without you needing to opt the machine into Microsoft Update.

You can prove this to yourself by creating the two VBScripts supplied below, optinMU.vbs and optoutMU.vbs. Use them to opt in and out of Microsoft Update and watch how FCS and FEP2010 behave in each state. If your machine is configured for WSUS, you can set it to use Windows Update by deleting the registry key HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate and restarting the Automatic Updates service. While testing, you can install the Forefront Client Security client in standalone mode by running CLIENTSETUP.EXE /NOMOM.

So, to summarise:

FCS - needs opt in to MU
FEP2010 - no requirement for MU

optinMU.vbs

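'from http://msdn.microsoft.com/en-us/library/aa826676(v=vs.85).aspx
'create the Windows Update Agent service manager and identify the caller
Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager")
ServiceManager.ClientApplicationID = "My App"

'add the Microsoft Update service by its GUID
'flags 7 = asfAllowPendingRegistration (1) + asfAllowOnlineRegistration (2) + asfRegisterServiceWithAU (4)
Set NewUpdateService = ServiceManager.AddService2("7971f918-a847-4430-9279-4a52d1efe18d",7,"")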

optoutMU.vbs

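'create the Windows Update Agent service manager and identify the caller
Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager")
ServiceManager.ClientApplicationID = "My App"

'remove the Microsoft Update service registration (same GUID as in optinMU.vbs)
ServiceManager.RemoveService "7971f918-a847-4430-9279-4a52d1efe18d"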
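
Because FCS reports only "no updates available" when the opt-in is missing, it helps to confirm the machine's state before and after running the two scripts. The following is an added example, not part of the original post: the file name checkMU.vbs is hypothetical, and it assumes the WUServer value under the policy key mentioned above is what points the machine at WSUS.

```vbscript
' checkMU.vbs (hypothetical name) - run with: cscript //nologo checkMU.vbs
Option Explicit

' Microsoft Update service GUID, as used in optinMU.vbs and optoutMU.vbs
Const MU_SERVICE_ID = "7971f918-a847-4430-9279-4a52d1efe18d"
' Assumption: WUServer under the WindowsUpdate policy key holds the WSUS URL
Const WSUS_VALUE = "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer"

Dim ServiceManager, Service, Shell, WsusServer, MuFound, MuWithAU

Set ServiceManager = CreateObject("Microsoft.Update.ServiceManager")
ServiceManager.ClientApplicationID = "My App"

MuFound = False
MuWithAU = False

' List every update service the Windows Update Agent currently knows about
For Each Service In ServiceManager.Services
    WScript.Echo Service.Name & " {" & Service.ServiceID & "}" & _
        " RegisteredWithAU=" & Service.IsRegisteredWithAU & _
        " Managed=" & Service.IsManaged
    If LCase(Service.ServiceID) = MU_SERVICE_ID Then
        MuFound = True
        MuWithAU = Service.IsRegisteredWithAU
    End If
Next

' RegRead raises an error when the value is absent, so trap it and keep ""
Set Shell = CreateObject("WScript.Shell")
WsusServer = ""
On Error Resume Next
WsusServer = Shell.RegRead(WSUS_VALUE)
On Error GoTo 0

If WsusServer <> "" Then
    WScript.Echo "WSUS policy present: " & WsusServer
Else
    WScript.Echo "No WSUS server policy found"
End If

If MuFound And MuWithAU Then
    WScript.Echo "Opted in to Microsoft Update"
ElseIf MuFound Then
    WScript.Echo "Microsoft Update present but not registered with Automatic Updates"
Else
    WScript.Echo "NOT opted in to Microsoft Update (FCS will report no updates available)"
End If
```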
