This document contains critical information that is required to successfully install and use Microsoft® Forefront™ Client Security. It is very important that you review the information contained in this document before you attempt to install Client Security.
Additional Resources
It is highly recommended that you read the
Refer to the
Expiration of the Public Beta Release
Once activated, the Public Beta (formerly called "Beta 2") release of Client Security will function fully until June 30, 2007.
Thirty days before the expiration date, you will start receiving expiration reminder messages indicating the date that the trial will expire. The reminder messages will appear each time you open the Client Security console. A message that lists the expiration date will also appear at the top of each report generated from Client Security.
Microsoft Windows Server™ 2003 R2 and Microsoft SQL Server 2005 included with the Public Beta version of Client Security are evaluation copies and will expire 180 days after installation.
Once the prerequisites expire, you will no longer be able to use Client Security unless you reformat your hard disk and then reinstall the operating system, the prerequisite software, and the Client Security release. For detailed instructions about installing the prerequisites and the Client Security release, see the
Regardless of whether you reinstalled the prerequisites, you will no longer be able to use the Public Beta version of Client Security after June 30, 2007.
Privacy
For details about the types of information collected or used by Client Security, see the
Known Issues
| Important: |
|---|
|
It is very important that you review the critical server and client deployment issues below before you begin installing Client Security. Failure to do so could result in a nonfunctional deployment. These issues are also documented in the |
Certain issues that were identified shortly before this release were not fixed. These known issues will be addressed in subsequent releases.
This section describes known issues for Client Security. These issues may impede your ability to use Client Security in specific ways.
Critical server deployment issues
Administrator privileges not recommended for MOM agent account
When installing Client Security, it is highly recommended that the account you use for the MOM agent account does not have administrator privileges on the client computer. For example, the account should not be a domain administrator account or a local administrator on the client computer. If the account does have administrator privileges, you must disable the automatic approval of the MOM agent and approve the MOM agent manually.
If you use an account with administrator privileges on the client computer and do not disable the automatic approval of pending computers, then the MOM agent will be automatically uninstalled, resulting in no reporting data from the client computers.
SQL Server 2005 Enterprise Edition required
Client Security requires SQL Server 2005 Enterprise Edition with SP1. SQL Server 2005 Standard Edition is not supported for the Public Beta release.
Setup cannot be run from a network share
You cannot install Client Security from a network share unless you have granted permission to the application. For more details, see
Configuration wizard may time out
In the Configuration wizard, the following task may time out before it completes: Import sasreport.xml. If this happens, run the Configuration wizard again.
Default instance for SQL Server required
When using the current version of Client Security, you cannot use a named instance of SQL Server. Instead, you must use the default instance.
Permissions for reporting database required
This version of Client Security requires that, in a three-server topology, you give permissions for the account under which the SQL Server Agent runs on the reporting database to the management, collection, and reporting server. By doing so, you enable the Client Security DTS account (which runs by default as a local system account on the reporting database server) to access the collection database (located on the management, collection, and reporting server).
To grant permissions:
-
On the management, collection, and reporting server, add the computer account for the reporting database server (if the SQL Server Agent runs under the local system) or the domain account that the agent runs under to the SQLServer2005ReportServerUser$computername$MSSQLSERVER group.
To find out what account the SQL Server Agent runs under:
-
On the reporting database server, open the Services console and double-click SQL Server Agent (MSSQLSERVER), and then click the Log On tab.
DAS account must be reused for all service accounts
In this version of Client Security, you must re-use the MOM Data Access Server (DAS) account for all other service accounts. In addition, you must grant the DAS account local administrator permissions for each server on which you install Client Security. Not doing so will result in SQL Server errors.
Machine account and DAS account must be in same domain
In a one-server topology, the DAS account must be part of the same domain as the server.
Critical client deployment issues
Cannot install 64-bit client from Client Security CD
To install Client Security on a client computer running a 64-bit version of Windows, you must download the
Tablet PCs are not supported
The Public Beta release of Client Security does not support the use of Tablet PCs.
Filter manager package must be installed on Windows XP SP2 clients
To install the Client Security agent, any client computer running Windows XP SP2 must first have the filter manager rollup package installed.
To install the filter manager rollup package:
-
On the client computer, install the filter manager rollup package Windows XP SP2 from your Client Security CD, windowsxp-kb914882-x86-enu.exe.
Update Rollup 1 must be installed on Windows 2000 clients
Before installing the Update Rollup 1 for Windows 2000 with SP4, make sure that you have installed Windows 2000 SP4.
To install Update Rollup 1:
-
On the client computer, download and install Update Rollup 1 for Windows 2000 with SP4 from
Windows Update .
GDI+ must be installed on Windows 2000 clients
To install the Client Security agent, the client computer must be running the current version of GDI+. By default, these GDI+ binaries might not be installed on a computer that is running Windows 2000.
-
On the client computer, install GDI+ from the Client Security CD, GDIPlus.dll.
-
Create the following directory
: %ProgramFiles%\Microsoft Forefront\Client Security\Client\Antimalware -
Copy the following file from the GDI+ download to that directory: gdiplus.dll
Definition updates not found by Vista RC2 clients
On client computers running RC2 builds of Windows Vista, definitions are not updated from Microsoft Update or Windows Update. By default, these computers point to the incorrect update site.
To enable definitions updates on Vista RC2 computers, point the computers to the WSUS server for Client Security. For configuration details, see the
Client setup log: AM Install Failed. See FCSAM.log for details
If you see this log entry after installing the Client Security agent on a client computer, you will need to reboot that computer. After installing the agent, you will receive a log report that the client setup failed and that you should look at fcsam.log. However, fcsam.log states correctly that the installation completed successfully. To verify that there are no failures, reboot the client computer. The issue will occur if you recently installed the Filter Manager QFE but have not yet rebooted.
Critical operational issues
Events on Windows XP may be lost
A computer running Windows XP will stop logging events when the log file exceeds 512KB. This issue occurs because the default event log size for Windows XP is 512KB. To avoid losing event data, change the default event log size on the computer.
14-Day History not displaying on Windows 2003 Server
The 14-Day History section of the Client Security Dashboard tab might not display when the reporting server role is on a separate server from the management server role.
To enable the 14-Day History, on the management server, you must add the reporting server to the Local Intranet security zone in Microsoft Internet Explorer®.
Copyright
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2006. Microsoft Corporation. All rights reserved.
Microsoft, Windows, Forefront, Internet Explorer, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.