Using Windows PowerShell Commands to Export and Import Forefront Protection 2010 for SharePoint Configuration Settings in a Multi-Server Environment
If you have multiple instances of Forefront Protection 2010 for SharePoint (FPSP) installed in your messaging environment, you can use Windows PowerShell commands in the Forefront Management Shell to manage FPSP configuration settings among multiple servers. Each instance of FPSP must be installed individually and Windows PowerShell provides a mechanism with which you can configure and then deploy different FPSP configuration settings (policies) to different FPSP servers using simple export and import commands.
Note: Alternatively, if you are managing FPSP on multiple SharePoint servers, you can use the Microsoft Forefront Protection Server Management Console (FPSMC) to manage your FPSP instances. You can download FPSMC from the Microsoft Download Center at the following location: Microsoft Forefront Protection Server Management Console (FPSMC). Documentation for FPSMC can be found in the TechNet library at Forefront Protection Server Management Console.
1. On each SharePoint server in your environment, install each instance of FPSP individually by performing the following steps. (If you have already installed multiple instances of FPSP, you can proceed to step 2.)
Important: The account used to install FPSP should be entered using the Domain\Account format when the server is part of a domain. This account must be a member of the Local Administrators group on the SharePoint server and have SharePoint Farm Administrators privileges. If SharePoint is configured to connect to the database using Windows authentication, this account must also be a member of the SQL Sysadmin role on the database server.
a. Double-click the forefrontsharepointsetup.exe file in order to launch the Setup Wizard.
b. Read and accept the license agreement.
c. Optionally specify the Program Folder and Data Folder if you will not be using the defaults.
d. If you will be using a proxy server for engine and definition updates, specify this information.
e. Specify an account and password for database access. Use the Domain\Account format when the server is part of a domain. This account must be a member of the Local Administrators group on the SharePoint server and have SharePoint Farm Administrators privileges. If SharePoint is configured to connect to the database using Windows authentication, this account must also be a member of the SQL Sysadmin role on the database server..
f. Optionally opt-in to use Microsoft Update to check for updates, and to join the Customer Experience Improvement Program.
g. Review and confirm your selected settings and begin the installation.
2. Configure an instance of FPSP on one of your SharePoint servers. Although FPSP offers malware protection “out-of-the-box,” you will likely want to configure certain FPSP settings so that it will perform optimally within your SharePoint environment.
Tip: If you want to deploy different FPSP configurations (policies) to different servers, you may want configure multiple FPSP servers, each with different configuration settings, and then perform a series of exports and imports to various target servers.
3. On the configured FPSP server, using Windows PowerShell commands in the Forefront Management Shell, export your FPSP configuration settings by performing the following steps:
a. Create a new folder for your settings (for example: **C:\**ConfigSettings).
b. Access the Forefront Management Shell by clicking Start, pointing to All Programs, pointing to Microsoft Forefront Server Protection, and then clicking Forefront Management Shell.
c. To export the configuration file to an .xml file, enter the following Windows PowerShell command, using the -path parameter to identify the name of the .xml file to be created and the folder into which it should be placed:
Export-FsspSettings -path c:\ConfigSettings\Export.xml
Note: Extended options are not included when running this command.
d. If you have set any extended options, you can export these settings to a text file that can be referenced if you will be configuring extended options on the target computer. To export all extended options to a text file called Extended.txt, type the following Windows PowerShell command (the "*" value of the -name parameter causes all extended options to be exported):
Get-FsspExtendedOption -name * >> c:\ConfigSettings\Extended.txt
**4. ** You can import the configuration settings from the server specified in step 3 to additional FPSP servers.
a. On the target server, access the Forefront Management Shell by clicking Start, pointing to All Programs, pointing to Microsoft Forefront Server Protection, and then clicking Forefront Management Shell.
b. To import the configuration file, enter the following Windows PowerShell command (where path is the location and name of the .xml file created in the previous procedure):
Import-FsspSettings -path c:\ConfigSettings\Export.xml
c. To list all of your current extended options, along with their values, enter the following Windows PowerShell command:
Get-FsspExtendedOption -name *
d. Compare your current extended options to the options you previously exported to the Extended.txt file.
e. If you want to modify any of your current extended options, enter the following Windows PowerShell command:
Set-FsspExtendedOption -name name -Value value
Where name is the parameter name and value is the new parameter value. You must enter each extended option separately.
f. If you want to recreate extended options that do not exist on your current system, enter the following Windows PowerShell command:
New-FsspExtendedOption -name name -Value value
Note: If you are using the export/import functions as part of a backup and/or disaster recovery plan for your FPSP installations, you should consult the Backing up and restoring FPSP topic in the TechNet library.
More information