I’ve had some changes in my network lately; some computers renamed, others removed, etc. I use Forefront Client Security to manage anti-virus and anti-malware for the entire network. The problem is that it tracks non-reporting computers. This is a good feature, but, in this case, I don’t want to know that computers that no longer exist on my network are not reporting.

I did a half-hearted search for how to expunge the data from the Forefront administration reports, but did not find anything of value. The user interface for administration is very minimalistic and does not provide any real administration options other than reporting. I poked around in the SQL Server database that it runs off of and here is how I removed the computers:

1. Connect to SQL Server that holds Forefront database.
2. Open database OnePoint
3. Query the Computers table for the idComputer field of the computer that you wish to remove.
4. Run ComputerDeleteUnusedComputer with the idComputer you found.

-- ReturnStatus values (returned in select clause with computer id)
--  0 - Computer deleted
--  1 - Alerts exist
--  2 - Events exist
--  4 - Perf samples exist
--  8 - ComputerResponsiblity Rows exist
-- 16 - is a consolidator
-- 32 -
-- 64 -
--      values are added together if more than one kind of data
--      exists for the computer

5. If a status other than 0 is returned then you must address the issues shown above and then rerun ComputerDeleteUnusedComputer. For my computers, the only issues I ran across were 1 and 2. For 1, I deleted the Alert and AlertEventSuppression records that corresponded to the idComputer. For 2, it is a bit more involved. There are 61 Event tables in the database named Event_## with the idLoggedOn column being the associate for idComputer. I couldn’t find a good way to delete the associated events for the computers other than cycling through delete statements for the Event_## tables until all of the records for my computers were gone. Luckily for me this happened around Event_20.

Although the OnePoint database is not the worst that I have seen, it is far from winning any awards for database design/architecture. Fortunately though, the means were there to get the job done that I needed to do. I have to think that Microsoft has a user interface to complete these functions, but I could not find one.