Forefront Client Security to use Windows updates not WSUS
We currently deploy Forefront Client Security as our AV product to our estate and we use WSUS to get any definition update required.
However, we have a number of laptops that have been taken off site and have not been receiving any virus definition updates because they are off the domain.
We have a GPO in place that disables Windows Updates on all clients and redirects it to our WSUS server and we then use SCCM to push out our updates.
We also have a VPN client that won't allow you to connect to the network unless your virus definitions are up to date. This is obviously an issue as anyone who has a laptop and hasn't connected to the domain in a while won't have the latest Windows updates or virus definitions applied.
We need a way of ensuring those laptops get the latest updates before connecting via VPN.
Is there any way to do this?
Rgds,
Mark
Answers (1)
If they are Windows 7, you can download the PowerShell Windows Update module on them and extract it to the PowerShell module directory. Keep in mind that when you extract it, it may have two folders of the same name, like in the example below. You can set this to run every Wednesday after Patch Tuesday.
Run the following commands in PowerShell:
Import-Module -Name C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate\PSWindowsUpdate -Verbose
Get-WUInstall -IgnoreUserInput -NotCategory "Internet Explorer", "Bing" -AcceptAll -IgnoreReboot
You can also force a reboot if you want, but I ignored the reboot and did not update Internet Explorer. Play with it; it has many different ways of configuring it, and it does it all in the command shell.
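
One way to apply the answer's approach to the off-site laptops in the question, as an added example that is not part of the original thread: the script installs definition updates directly from Microsoft Update only when the GPO-configured WSUS server cannot be reached. The log path is hypothetical; it assumes PSWindowsUpdate 1.x at the path used in the answer, that Forefront definitions are offered through Microsoft Update under the "Definition Updates" category, and that policy still lets the update agent contact Microsoft directly.

```powershell
# Added example, not from the original answer. Targets PowerShell 2.0 (Windows 7).
# Assumptions: PSWindowsUpdate 1.x is extracted to the path used in the answer, and
# policy still allows the Windows Update Agent to reach Microsoft Update directly.
$ModulePath  = 'C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSWindowsUpdate\PSWindowsUpdate'
$LogFile     = 'C:\Windows\Temp\offsite-definitions.log'    # hypothetical log location
$MuServiceId = '7971f918-a847-4430-9279-4a52d1efe18d'       # Microsoft Update service ID

function Test-WsusReachable {
    # Read the WSUS URL that the GPO wrote, then try a short TCP connect to it.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $url = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).WUServer
    if (-not $url) { return $false }
    $uri = [Uri]$url
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $tcp.BeginConnect($uri.Host, $uri.Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne(3000, $false)) { return $false }
        $tcp.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $tcp.Close()
    }
}

if (Test-WsusReachable) {
    # On the corporate network: leave patching to WSUS/SCCM as configured.
    "$(Get-Date -Format s) WSUS reachable, nothing to do" | Out-File $LogFile -Append
    return
}

Import-Module -Name $ModulePath

# Register the Microsoft Update service once if the machine only knows Windows Update.
if (-not (Get-WUServiceManager | Where-Object { $_.ServiceID -eq $MuServiceId })) {
    Add-WUServiceManager -ServiceID $MuServiceId -Confirm:$false
}

# Off site: install definition updates only, without prompting or rebooting.
# 'Definition Updates' is the assumed category title; confirm it with -ListOnly first.
Get-WUInstall -MicrosoftUpdate -Category 'Definition Updates' -IgnoreUserInput -AcceptAll -IgnoreReboot |
    Out-File $LogFile -Append
```

Saved as a script, this can be run from the weekly scheduled task the answer suggests, or by the user before starting the VPN client so the definition check passes.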