Table of Contents



If you have multiple servers protected by FSE in your messaging environment and want to configure them identically, the best method is to use FSE templates.  Templates can be configured on one instance of FSE and distributed to other servers manually or automatically using the Forefront Server Security Management Console.

Templates are useful for controlling the configuration of Forefront Security for Exchange Server on multiple servers from a central location, controlling the configuration of scan jobs and other functions at installation, and defining configuration settings for newly mounted storage groups.

About templates


When FSE is installed, it creates default templates for the various scan jobs, scan engines, and notifications. The scan jobs are configured to use the values in the default templates. Administrators can also create templates for file filter and content filter settings and additional scan job templates as needed. (These are called "named templates".)
The Template.fdb file contains the following default templates:
To view templates in the Forefront Server Security Administrator, click File, click Templates, and then click View Templates. The default and named templates are displayed in the various work panes.

To create and distribute configuration templates to multiple servers

You will first need to configure the template file on one instance of FSE and then distribute the template to your other FSE installations.  You can either configure the Default template or create a new template.  For this example, we will create a new template, but configuring the Default template is done in the same way.

  1. Click File, click Templates, and then click New. The New Template dialog box appears.
  2. Select the Type of template you would like to create (Transport, Realtime, Manual, or Filter Set).
  3. Give the template a Name (For example, Transport scan template), and then click OK. The new template is created and becomes a choice in the list in the top pane and in the Template list in the bottom pane of the Template Settings work pane.
  4. From the list in the top pane, select your new template. If the templates are not visible, you can display them by clicking File, selecting Templates, and then clicking View Templates.
  5. Click the appropriate work pane to configure the template. For example, if you have created a Transport template, select Antivirus Job in the SETTINGS section of the Shuttle Navigator and configure the template as you would a Transport scan job. Click Save when you are done.
Once you have created the template, you can either manually copy it to other servers or use the FSSMC to distribute the template to other servers.

To manually copy the template

 

1.       On the server where you created the new template, open the data folder C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\Data and copy the template.fdb file to a shared folder on your network.

2.       On the server where you would like to deploy the new template, re-name the existing template.fdb (For example, old_template.fdb) in case you need to roll-back to that template file for any reason. After you have re-named the original template file, access the shared folder where you saved the new template and copy the template.fdb file to the data folder: C:\Program Files (x86)\Microsoft Forefront Security\Exchange Server\Data

3.       Open the Forefront Server Security Administrator on the server where you just saved the template.

4.       In the SETTINGS section of the Shuttle Navigator, select Templates.

5.       In the list in the top pane, select the scan job to associate with the template you have just saved. For example, select the Transport scan job.

6.       In the lower work pane, select the desired template from the Template list.

7.       Click Load From Template.

8.       Click Save. The scan job’s settings are reconfigured to those in the selected template.

Note: You can configure templates for each scan job and filters and distribute them at the same time, because all the templates are saved in the template.fdb file.

To use FSSMC to distribute the template

To deploy Forefront Security template files to remote servers, you must configure a template package and then create and run a deployment job for the target servers.

Creating a template package


A template package consists of the template file (template.fdb) and the associated template options. Configure your Template file using the Microsoft Forefront Server Security Administrator on a local Forefront Security server. After the template has been configured, create a template package.

To create a template package

  1. Click Packages in the Job Management section of the Navigation Area. The Manage Packages work pane appears.
  2. Click