Search This Blog

Monday, July 11, 2011

setup SCCM 2007 SP2 / R3 and forefront endpoint security 2010 with WSUS 3.0 SP2

setup SCCM 2007 SP2  / R3 and forefront endpoint security

( to compare the dinosaur with 3rd party managed services, in the n-able, once the the mgmt server is done, on the client side , I just need to click the button, the anti-virus will be installed.)

now I am doing setup SCCM 2007 SP2  / R3 and forefront endpoint security 2010 with WSUS 3.0 SP2, plus SQL 2008 R2 as database server

senario is
-  WSUS 3.0 SP2  on one server -- mkswsus

- SCCM 2007 on one server -- mkssccm  --- this server will also have forefront EP 2010

- SQL 2008 R2 database server on another  -- mkssql

there are lots things need go through , the most important are the pre-requiste for those server roles on windows 2008 R2
- namely hotfix for upgrade from sccm 2007 sp2 to R3
- hotfix for FEP 2010 on sccm 2007
- wsus console need be installed on the sccm server
.... check all the pre-requisite list

and
- the webdav thing in windows 2008 R2 is very critical for the sccm 2007 MP
- the SUP yeah ... the software update point is the WSUS server
- always check service accounts be setup , so the sccm can install those roles on other servers
- WSUS server active directory group policy need be setup correctly , otherwise update sync will fail (well, somone point the GPO to a different port)

also
windows 2008 R2, with SCCM is very memory hungry, dont allocate only 1GB memory to the hyper-v machine. that will keeps crashing the configmgr console

you can load FEP2010 on the sccm server, so the sccm can manage it, namely distribute FEP2010 to client PCs, of course configmgr client need be installed first -- this is done on client push in configmgr console.

the FEP2010 definition updates is done via WSUS, you can tweak WSUS console to auto-approve the definition updates

lastly the second run of wbadmin is very slow for some reason. bizare ...

No comments:

Post a Comment