Microsoft Forefront Client Security
Installing the software prerequisites for a one-server topology

The Client Security server has the following prerequisites:

  • IIS and ASP.NET
  • SQL Server with SP2 or SP1
  • MMC 3.0
  • GPMC with SP1
  • WSUS with SP1

Before installing the prerequisites, verify that the server meets the hardware and operating system requirements and that you have installed all critical computer and security updates. As part of the updates, make sure that you have Windows Update Agent 2.0 or later. Windows Update Agent automatically updates itself to the latest versions when you download updates from Microsoft.

In addition, you must add the reporting server site to the Local intranet zone in Internet Explorer.

To install IIS and ASP.NET
  1. Click Start, point to Administrative Tools, and then click Manage Your Server.

  2. In the Manage Your Server window, click Add or Remove a Role.

  3. In the Configure Your Server wizard, click Next.

  4. On the next page, click Application Server (IIS, ASP.NET), and then click Next.

  5. On the next page, select the ASP.NET check box, and then complete the wizard.

To use an existing installation of SQL Server, when running the Client Security Setup wizard, provide the server location. You still must use SQL Server 2005 with SP2 or SP1. In addition, the existing installation must not have a OnePoint or SystemCenterReporting database. (These are created as part of the Client Security installation.)

About installing SQL Server 2005
  • For detailed information about installing SQL Server 2005, see SQL Server 2005 Books Online.

  • When installing SQL Server 2005, you must do the following:

    • Install Database Services, Reporting Services, Integration Services, and Workstation components. (On the Components to Install page, select the following check boxes: SQL Server Database Services, Reporting Services, Integration Services, and Workstation components.)
    • Use a domain user or network service account for the SQL Server and SQL Server Agent service accounts. A domain user account is recommended. (On the Service Account page of the wizard, click Domain user account.)
    • Have the SQL Server Agent service start automatically. (On the Service Account page, under Start services at the end of setup, select the SQL Server Agent check box.)
    • Use a collation that is not case-sensitive. (On the Collation Settings page of the wizard, choose an option that is not case-sensitive.)
  • If you plan to use a secure connection for reports in Client Security, you should set up the Secure Sockets Layer (SSL) configuration while you are installing SQL Server. For more information, see SQL Server 2005 — Reporting Services at Microsoft TechNet.

  • When installing SQL Server 2005, you should use Windows Authentication as the security mode. Windows Authentication mode is much more secure than mixed mode. (On the Authentication Mode page, select Windows Authentication Mode.)

To install SP2 or SP1 for SQL Server 2005
  • Do one of the following:

    • Download and install SP2 for SQL Server 2005 from the Microsoft Download Center.
    • Download and install SP1 for SQL Server 2005 from the Microsoft Download Center.
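
The SQL Server requirements above (version and service pack, collation, authentication mode, and the absence of OnePoint and SystemCenterReporting databases) can be confirmed with a query before running Client Security Setup. The following T-SQL is an added example, not part of the original procedure; the check names and the OK/WARN/FAIL labels are this example's own, and it covers only settings that T-SQL exposes, not the service account or SQL Server Agent startup settings.

```sql
-- Added example: checks the SQL Server 2005 settings listed on this page.
-- Written for SQL Server 2005 syntax (no DECLARE initializers, no multi-row VALUES).
SET NOCOUNT ON;

DECLARE @results TABLE (
    check_name nvarchar(60),
    observed   nvarchar(256),
    status     nvarchar(4)   -- OK / WARN / FAIL: labels chosen for this example
);

DECLARE @version nvarchar(128), @level nvarchar(128), @collation nvarchar(128);
DECLARE @winauth int, @conflicts int;

SET @version   = CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128));
SET @level     = CAST(SERVERPROPERTY('ProductLevel') AS nvarchar(128));
SET @collation = CAST(SERVERPROPERTY('Collation') AS nvarchar(128));
SET @winauth   = CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int);

-- Required: SQL Server 2005 (version 9.x) at SP1 or SP2, as stated on this page.
INSERT INTO @results VALUES (N'SQL Server 2005 with SP1 or SP2', @version + N' ' + @level,
    CASE WHEN @version LIKE N'9.%' AND @level IN (N'SP1', N'SP2') THEN N'OK' ELSE N'FAIL' END);

-- Required: a collation that is not case-sensitive (name carries the _CI_ marker).
INSERT INTO @results VALUES (N'Case-insensitive collation', @collation,
    CASE WHEN @collation LIKE N'%[_]CI[_]%' THEN N'OK' ELSE N'FAIL' END);

-- Recommended: Windows Authentication mode (1) rather than mixed mode (0).
INSERT INTO @results VALUES (N'Windows Authentication mode', CAST(@winauth AS nvarchar(10)),
    CASE WHEN @winauth = 1 THEN N'OK' ELSE N'WARN' END);

-- Required before Client Security Setup: neither database may already exist.
SELECT @conflicts = COUNT(*) FROM sys.databases
WHERE name IN (N'OnePoint', N'SystemCenterReporting');
INSERT INTO @results VALUES (N'No OnePoint/SystemCenterReporting database',
    CAST(@conflicts AS nvarchar(10)) + N' found',
    CASE WHEN @conflicts = 0 THEN N'OK' ELSE N'FAIL' END);

SELECT check_name, observed, status FROM @results;
```

Run it in SQL Server Management Studio against the instance that Client Security will use.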

After installing SQL Server 2005, you can change the location for SQL Server data and log files.

To change the location for data and log files
  1. Open SQL Server Management Studio. (On the Start menu, click All Programs, click Microsoft SQL Server 2005, and then click SQL Server Management Studio.)

  2. In the Connect to Server dialog box, click Connect.

  3. Right-click the root server name node, and then click Properties.

  4. In the Server Properties dialog box, under Select a page, click Database Settings.

  5. In Database default locations, enter the locations you want to use for the data and log files, and then click OK.

To install MMC 3.0
To install GPMC with SP1

If you plan to use WSUS to distribute definitions to the client computers, the Client Security server will require WSUS with SP1.

If you use a proxy server on your network, you can specify the proxy server settings for WSUS after installing it. For more information about configuring proxy server settings, see Configure WSUS to Use a Proxy Server.

To install WSUS with SP1
  1. Download and install WSUS 2.0 with SP1 from Download Windows Server Update Services with Service Pack 1.

  2. On the Windows Server Update Services page, click Install Windows Server Updates Services.

  3. In the File Download - Security Warning dialog box, click Run.

  4. On the first page of the Microsoft Windows Server Update Services Setup wizard, click Next.

  5. On the License Agreement page, click I accept if you accept the license agreement, and then click Next. You must accept the license agreement to complete the installation.

  6. On the Select Update Source page, verify that the Store updates locally check box is selected, and then click Next.

  7. On the Database Options page, choose whether to store the WSUS data on an existing instance of SQL Server or whether to install Microsoft Database Engine, and then click Next. For performance reasons, it is recommended that you use an existing instance of SQL Server.

  8. If you chose to use an existing instance of SQL Server, click Next on the Connecting to SQL Server Instance page.

  9. On the Web Site Selection page, select Create a Microsoft Windows Server Update Services Web site.

    This option causes WSUS to use port 8530, which is recommended when using WSUS on a server that also has the reporting server components of Client Security installed, instead of port 80, which is the default for WSUS.
  10. On the same page, record the WSUS management URL and the client configuration URL (you will need this information later), and then click Next.

  11. On the Mirror Update Settings page, verify that the This server should inherit the settings check box is not selected, and then click Next.

  12. On the Ready to Install page, click Next.

  13. On the last page of the wizard, click Finish.

Before installing Client Security, you must configure and synchronize WSUS.

To configure and synchronize WSUS with SP1
  1. In the WSUS console, click Options, and then click Synchronization Options.

  2. On the Synchronization Options page, under Update Classifications, click Change.

  3. In Add/Remove Classifications, select the Updates check box, and then click OK.

    This setting ensures that WSUS will download the client components for Client Security. Client Security definition updates will be automatically selected as synchronization options when you install the distribution server components of Client Security.
  4. Click Save settings.

  5. To start synchronizing, on the Synchronization Options page, click Synchronize Now.

    The first time you synchronize your WSUS server, it can take several hours.

For SQL Server Reporting Services to function correctly, you must add the reporting server site to the Local intranet zone on the Client Security server.

Internet Explorer maintains two different lists of sites for the Local intranet zone. One list is in effect when the enhanced security configuration is enabled, and a separate list is in effect when the enhanced security configuration is disabled. When you add a Web page to the Local intranet zone, you are adding it only to the list that is currently in effect.

To add the reporting server site to the Local intranet zone
  1. In Internet Explorer, on the Tools menu, click Internet Options.

  2. Click the Security tab, and then click the Local intranet zone.

  3. Click the Sites button.

  4. Click the Advanced button.

  5. In the Add this website to the zone box, type the URL of the SQL Server Reporting Services site (for example, http://servername).

  6. Click Add.

Posted by 달룡이네집