skip to content »

Forefront client security not updating definitions wsus

forefront client security not updating definitions wsus-52

I will walk you through creating one package, you should repeat the process for the other 5 packages.When all is said and done, your General and Data Source tabs of your package should look like this.

forefront client security not updating definitions wsus-47forefront client security not updating definitions wsus-33forefront client security not updating definitions wsus-77forefront client security not updating definitions wsus-49

There are a few ways to do this, however I'll show you the way I did it.This baseline will allow the 3 Configuration Items to evaluate.Once these CIs have evaluated, the steps below for creating the collections will allow the collections to populate with machines that are out of date with their definitions.THIS METHOD HAS BEEN DEPRECIATED AS OF FOREFRONT ENDPOINT PROTECTION UPDATE ROLLUP 1.PLEASE SEE FOREFRONT ENDPOINT PROTECTION 2010 UPDATE ROLLUP 1 USING YOUR DISTRIBUTION POINTS FOR FEP DEFINITIONS WITH THE SOFTWARE UPDATE AUTOMATION TOOL FOR THE NEW METHOD.We also know there is a binary delta definition file (which we don't have the ability to download, or at least I'm unaware of the location of the BDD file) for clients that have definitions that are at least a month old, but aren't older than two months.

So based on all this information, we know that we don't want our clients to download 65MB if it's unnecessary.

First thing we need to do is setup a process to download the definition files automatically.

Create the following directories (I'm using the C: drive in this example, but you can use any of those, just make sure to modify the script I reference below) So now that we have the content downloaded, we need SCCM to be made aware of it and download it on a schedule to our DPs. (x86 and x64 packages for the Full and Delta definitions as well as x86 and x64 packages for the full NIS definition if you plan to use NIS).

General Data Source Repeat the above steps for the other 5 packages (3 packages if you aren't planning on pushing out NIS definitions).

Once the packages are all created, make sure to send each package to your distribution points.

We only want those who are older than a month to download the full definition update (because we don't have the BDD file we have to use this criteria, if we had the BDD file, we'd have a collection of machines with definitions older than a month but not older than two months).