Export (0) Print
Expand All
1 out of 3 rated this helpful - Rate this topic

About Configuration Manager NAP Policies in Network Access Protection

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

Use the following information to understand what Configuration Manager NAP policies are and their role in Configuration Manager 2007 Network Access Protection (NAP). You will need to create, configure and manage Configuration Manager NAP policies if you want to enforce software updates with Network Access Protection, and will see references to them in the Policies home page, and the Network Access Protection report List of Network Access Protection policies.

Configuration Manager NAP Policies

Configuration Manager NAP policies in Configuration Manager 2007 contain software updates that your company decides are required for compliance by a defined date (the effective date).

When you enable the Configuration Manager 2007 Network Access Protection client agent for a site, Configuration Manager NAP-capable clients assigned to that site will evaluate their compliance by using the Configuration Manager NAP policies that are created on that site or inherited from a parent site.

NAP-capable clients receive Configuration Manager NAP policies with their machine policy, which is downloaded according to the computer client agent polling interval (by default, every hour), or it can be initiated locally from the client (for example, through scripting or Configuration Manager in Control Panel).

If the validation process on the System Health Validator point discovers that the client did not evaluate with up-to-date Configuration Manager NAP policies, the System Health Validator point deems the client non-compliant, even if it is before the effective date in the Configuration Manager NAP policies. This then triggers the client to download its machine policy (which contains the latest Configuration Manager NAP policies) and re-evaluate its compliance to produce a more up-to-date client statement of health.

Applying Configuration Manager NAP policies to new Configuration Manager 2007 clients will have a natural latency until clients are successfully assigned to a site, download policy and evaluate their compliance. Until this process is complete, the client will send a compliant status in its client statement of health to the System Health Validator point.

Managing Configuration NAP Policies

For administrator tasks related to Configuration Manager NAP policies, see How to Configure Configuration Manager NAP Policies for Network Access Protection.

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.