Next up in our registry key series: setting definition update keys via policy.
On the FCS TechNet library, the following registry key is described:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0
There are additional settings that you can use to change the day and time at which definition updates are performed.
In addition to the values in the above table, ScheduleDay can be configured to use the following values:
You can control the value for the time at which definition updates are performed by adding the ScheduleTime registry key to the same location as ScheduleDay.
ScheduleTime should be configured with a DWORD value that represents 12:00 AM – 11:59 PM. The value entered is the number of minutes past midnight (in local time), so specifying 120 would result in a definition update attempt at 2:00 AM. The maximum value is 1439, which would be 11:59 PM.
You may (correctly) note that these keys take the same values as the values for Scan\ScheduleDay and Scan\ScheduleTime, as noted here.
ScheduleDay will already exist in the registry (FCS already publishes it and sets it to 0x8). Your ADM/.reg file will be changing this value, not adding the key. However, as in the first post of this series (http://blogs.technet.com/clientsecurity/archive/2010/01/29/scanning-removable-drives.aspx), you must use either an ADM file via Group Policy or a .reg file to add the ScheduleTime key.
For the ADM file, start Notepad, and then copy and paste the following text into the Notepad file:
CLASS MACHINE
CATEGORY !!FCSCategory
  POLICY !!Schedule
    KEYNAME "SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates"
    EXPLAIN !!ScheduleDay_Explain
    PART !!ScheduleDay_Name DROPDOWNLIST REQUIRED
      VALUENAME ScheduleDay
      ITEMLIST
        NAME "Every Day" VALUE NUMERIC 0 DEFAULT
        NAME "Sunday" VALUE NUMERIC 1
        NAME "Monday" VALUE NUMERIC 2
        NAME "Tuesday" VALUE NUMERIC 3
        NAME "Wednesday" VALUE NUMERIC 4
        NAME "Thursday" VALUE NUMERIC 5
        NAME "Friday" VALUE NUMERIC 6
        NAME "Saturday" VALUE NUMERIC 7
      END ITEMLIST
    END PART
    PART !!ScheduleTime_Name DROPDOWNLIST REQUIRED NOSORT
      VALUENAME ScheduleTime
      ITEMLIST
        NAME "12:00am" VALUE NUMERIC 0
        NAME "1:00am" VALUE NUMERIC 60
        NAME "2:00am" VALUE NUMERIC 120
        NAME "3:00am" VALUE NUMERIC 180
        NAME "4:00am" VALUE NUMERIC 240
        NAME "5:00am" VALUE NUMERIC 300
        NAME "6:00am" VALUE NUMERIC 360
        NAME "7:00am" VALUE NUMERIC 420
        NAME "8:00am" VALUE NUMERIC 480
        NAME "9:00am" VALUE NUMERIC 540
        NAME "10:00am" VALUE NUMERIC 600
        NAME "11:00am" VALUE NUMERIC 660
        NAME "12:00pm" VALUE NUMERIC 720
        NAME "1:00pm" VALUE NUMERIC 780
        NAME "2:00pm" VALUE NUMERIC 840
        NAME "3:00pm" VALUE NUMERIC 900
        NAME "4:00pm" VALUE NUMERIC 960
        NAME "5:00pm" VALUE NUMERIC 1020
        NAME "6:00pm" VALUE NUMERIC 1080
        NAME "7:00pm" VALUE NUMERIC 1140
        NAME "8:00pm" VALUE NUMERIC 1200
        NAME "9:00pm" VALUE NUMERIC 1260
        NAME "10:00pm" VALUE NUMERIC 1320
        NAME "11:00pm" VALUE NUMERIC 1380
      END ITEMLIST
    END PART
  END POLICY
END CATEGORY
[strings]
FCSCategory="Microsoft Forefront Client Security"
Schedule="Sets the time and date for definition updates for Client Security."
ScheduleDay_Name="Set the definition update day"
ScheduleDay_Explain="This setting sets the day of the week and the time of day when the FCS antimalware client will update definitions."
ScheduleTime_Name="Set the definition update time"
Save the file as an ADM file, making sure to choose All files *.* as the file type (the KB suggests saving it with the KB ID number – for this one, you could use FCSSchedule.ADM as the file name), and then use Group Policy to deploy the new setting, as described in Option 1, step 2, in the KB article.
If you want to deploy the ScheduleTime key via a .reg file, follow the steps described in Option 2 in the KB article, substituting the following registry information for step 4:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates]
To confirm that your client has received and configured this policy, you can check in the Windows Task Scheduler. On a Windows Vista or Windows 7 computer, start the Task Scheduler:
If you have a client configured properly, you should see a scheduled task named MP Scheduled Signature Update set to the defined time:
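As a complement to the Task Scheduler check, the policy values can also be read straight from the registry and decoded. The following PowerShell is an added example, not part of the original post or of FCS; the function name Get-FcsSignatureSchedule is hypothetical, while the key path, value names, day mapping and the 0 to 1439 range are taken from the post.

```powershell
# Added example (not from the original post). The function name is hypothetical;
# the key path and the ScheduleDay/ScheduleTime value names come from the post.
function Get-FcsSignatureSchedule {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Signature Updates'
    )
    # Day values offered by the ADM template in this post.
    $dayNames = @{ 0 = 'Every Day'; 1 = 'Sunday'; 2 = 'Monday'; 3 = 'Tuesday'
                   4 = 'Wednesday'; 5 = 'Thursday'; 6 = 'Friday'; 7 = 'Saturday' }
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Policy key not found: $Path"
    }
    $props = Get-ItemProperty -LiteralPath $Path
    $problems = @()

    # ScheduleDay: decode the ADM values and flag anything else for review.
    # The post says FCS publishes 0x8 by default, so 8 means the change has not applied.
    $day = $props.ScheduleDay
    if ($null -eq $day) {
        $dayText = $null
        $problems += 'ScheduleDay is not set'
    } elseif ($dayNames.ContainsKey([int]$day)) {
        $dayText = $dayNames[[int]$day]
    } else {
        $dayText = 'Not in ADM list (0x{0:X})' -f [int]$day
        $problems += "ScheduleDay $day is not one of the ADM template values (0-7)"
    }

    # ScheduleTime: minutes past local midnight, valid range 0..1439.
    $time = $props.ScheduleTime
    if ($null -eq $time) {
        $timeText = $null
        $problems += 'ScheduleTime is not set'
    } elseif ($time -lt 0 -or $time -gt 1439) {
        $timeText = $null
        $problems += "ScheduleTime $time is outside 0..1439"
    } else {
        $ts = [TimeSpan]::FromMinutes($time)
        $timeText = '{0:D2}:{1:D2}' -f $ts.Hours, $ts.Minutes
    }

    New-Object PSObject -Property @{
        ScheduleDay = $day; Day = $dayText
        ScheduleTime = $time; LocalTime = $timeText
        Problems = $problems
    }
}

Get-FcsSignatureSchedule | Format-List
```

An empty Problems list together with a LocalTime that matches the MP Scheduled Signature Update task indicates the client has picked up the policy.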