How to manually deploy a Forefront Server Security Management Console deployment agent to a remote managed server

Article ID: 960876 - View products that this article applies to.

This article has been archived. It is offered "as is" and will no longer be updated.

INTRODUCTION

This article describes how to manually deploy a Forefront Server Security Management Console deployment agent to a remote managed server.

To manually deploy the Microsoft Forefront Server Security Management Console (FSSMC) agent, follow these steps.

Note To do this, you must have Hotfix Rollup 2 for FSSMC installed.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

960814

(http://support.microsoft.com/kb/960814/ )

Description of Hotfix Rollup 2 for Forefront Server Security Management Console

Copy the files from the following DeployAgent directory on the FSSMC server to the remote server:
Drive Letter\Program Files\Microsoft Forefront Security\Server\Server Management\Services\DeployAgent
Run the Deployagent.msi file, and then follow the wizard instructions.
After the installation is complete, start the Computer Management console.

Note On a domain controller, you start the Computer Management console from Active Directory.
On the Computer Management console, expand Local Users and Groups, right-click Users, and then click New User.
In the New User window, follow these steps:
1. In the User name field, enter SDEP_MachineName. For example, enter SDEP_EXCHBE01.
2. In the Description field, enter FSSMC Deployment Account.
3. In the Password field, enter Password@123.
4. Confirm the password when you are prompted to do this.
  
  Note This is a temporary password that will be overwritten in step 9e.
5. Click to clear the User Must Change Password at Next Logon check box.
6. Click to select the Password never expires check box.
7. Click Create.
Use Windows Explorer to locate the directory that contains the Deployment Agent files.

Create a batch file that you name "Dcom.bat" in the DeployAgent directory that you copied from FSSMC server. Copy the following code into this file:

call DComPerm.exe -ml set "SDEP_MachineName" permit level:l,r,ll,la,rl,ra
call DComPerm.exe -ma set "SDEP_MachineName" permit level:l,r
call DComPerm.exe -ma set "NT AUTHORITY\ANONYMOUS LOGON" permit level:l,r
call DComPerm.exe -ma set "Distributed COM Users" permit level:l,r
call DComPerm.exe -al {414524B7-234A-4312-99C4-43C6E1F01782} set "SDEP_MachineName" permit  level:l,r,ll,la,rl,ra
call DComPerm.exe -aa {414524B7-234A-4312-99C4-43C6E1F01782} set "SDEP_MachineName" permit  level:l,r

Note Make sure that "SDEP_MachineName" is replaced by "SDEP_XYZ," where XYZ is the machine name of the remote server.

Make sure that the Dcomperm.exe file is located in the DeployAgent directory. Then, run the Dcom.bat file.
Log on to the FSSMC server, and then open the Forefront Server Management Console. Then, follow these steps:
1. Click Servers, and then click Add Servers.
2. On the Add Servers page, enter the remote server name in the Server Names field, and then click Verify.
3. Select your server group, and then click Add Servers.
4. Verify that the remote server name is selected, and then click Deploy Agent.
5. Enter the user name and password that are required for remote installations, and then click Continue.
  
  A Status window appears, and it provides details about the progress of the agent's installation.
6. After Agent Installed appears in the Status field, and after Done appears in the Details field, click Close.