The Client Security BPA was posted to the download center shortly after FCS released. The initial release included five basic checks of an FCS server installation which are described in the TechNet documentation here. This week we released the first additions to those checks.
These new checks focus on the FCS-related configuration of a WSUS server, either with or without the distribution role installed. The new checks are described in KB976986 which will also be updated with descriptions any future revisions or additions to the FCS v1 BPA checks.
To test drive the new additions, visit the download center (http://go.microsoft.com/fwlink/?LinkID=98401) and install the BPA on an FCS server (any role) or a standalone WSUS server used by Client Security clients. After installation, to run the best practice analyzer, execute fcsbpa.exe, which is located in the BPA folder beneath your Client Security installation directory. For example: C:\Program Files\Microsoft Forefront\Client Security\BPA\fcsbpa.exe.
(yes, there is still no shortcut added to the startup menu, that is on the list of future additions)
Thanks and happy analyzing, Craig Wiand Microsoft Forefront Escalation Engineer