Configuring Remediation Server Groups for Configuration Manager Network Access Protection

Applies To: System Center Configuration Manager 2007

Topic last updated -- August 2007

Remediation server groups are used with Network Access Protection (NAP) if you are using DHCP NAP enforcement or VPN NAP enforcement. They are not used with the 802.1X NAP enforcement mechanism, or with IPsec NAP enforcement with a Health Registration Authority. However, with IPsec NAP enforcement, all remediation servers should be configured as boundary servers.

Remediation servers in Network Access Protection are servers that are available on the restricted network. For Configuration Manager 2007, remediation servers include management points, software update points, and the distribution points that host the software updates required to bring computers into compliance. You might also need infrastructure servers such as DNS servers for name resolution, domain controllers for authentication and Group Policy, and a global catalog server for locating Configuration Manager 2007 services.

You configure remediation server groups on the Network Policy Server and reference a particular remediation server group as part of the network policy for non-compliant computers.

Do not add Configuration Manager 2007 remediation servers to a Network Policy Server remediation server group. When remediation is invoked, the client automatically requests connections to its management point, software update point, and the nearest distribution points that host any required software updates. However, you will still need to create or configure a remediation server group that contains infrastructure servers such as DNS servers.

Note
Do not add the Network Policy Server into the remediation server group. This server is automatically added, although not visible in the Network Policy Server console.

To configure a remediation server group in Network Policy Server, follow these steps:

  1. Load the Network Policy Server console, and expand Network Access Protection.

  2. Right-click Remediation Server Groups, and then click New.

  3. In the New Remediation Server Group dialog box, supply a name for the Group Name. This is the name that you will select in the network policy for non-compliant computers.

  4. Click Add, and in the Add New Server dialog box, supply a descriptive name of your choice for the Friendly Name, and then type the IP address or DNS name of the remediation server.

  5. If you typed a DNS name, you can optionally click Resolve to ensure that the name resolves successfully to an IP address.

  6. Click OK to close the Add New Server dialog box.

  7. If you require additional remediation servers, repeat steps 4 through 6.

  8. Click OK to close the New Remediation Server Group dialog box.
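
Before you work through the dialog boxes, you can check the planned member list against the rules in this topic: no Configuration Manager 2007 site system roles, no Network Policy Server entry, and every name resolving as in step 5. The following script is an added example, not Microsoft's code; the function name `Test-RemediationGroupPlan`, the role labels, and every server name and address in it are constructed for illustration.

```powershell
# Added example, not Microsoft's code. All names and addresses are constructed sample values.
$NpsServer      = 'nps01.corp.example'   # hypothetical name of the Network Policy Server
$ConfigMgrRoles = 'ManagementPoint', 'SoftwareUpdatePoint', 'DistributionPoint'

# Planned group members: Friendly Name, IP address or DNS name, and the role you assign.
$Planned = @(
    [pscustomobject]@{ FriendlyName = 'DNS primary';   Address = '192.0.2.10';         Role = 'DNS' }
    [pscustomobject]@{ FriendlyName = 'DC / GC';       Address = 'dc01.corp.example';  Role = 'DomainController' }
    [pscustomobject]@{ FriendlyName = 'Site MP';       Address = '192.0.2.20';         Role = 'ManagementPoint' }
    [pscustomobject]@{ FriendlyName = 'Policy server'; Address = 'nps01.corp.example'; Role = 'NPS' }
)

function Test-RemediationGroupPlan {
    param([object[]]$Entries, [string]$NpsName, [string[]]$ExcludedRoles)

    $seen = @{}   # resolved IP -> friendly name of the first entry that used it
    foreach ($e in $Entries) {
        $issues = @()
        if ($ExcludedRoles -contains $e.Role) {
            $issues += "Configuration Manager role '$($e.Role)': leave out of the group"
        }
        if ($e.Address -eq $NpsName) {
            $issues += 'Network Policy Server is added automatically: leave out of the group'
        }
        # Same check as the Resolve button in step 5; an IP literal is returned without a lookup.
        $ips = @()
        try {
            $ips = @([System.Net.Dns]::GetHostAddresses($e.Address) |
                     ForEach-Object { $_.IPAddressToString })
        } catch {
            $issues += "Name does not resolve: $($e.Address)"
        }
        foreach ($ip in $ips) {
            if ($seen.ContainsKey($ip)) { $issues += "Duplicate of '$($seen[$ip])' ($ip)" }
            else { $seen[$ip] = $e.FriendlyName }
        }
        [pscustomobject]@{
            FriendlyName = $e.FriendlyName
            Address      = $e.Address
            Resolved     = $ips -join ', '
            Verdict      = if ($issues) { 'Fix' } else { 'OK' }
            Issues       = $issues -join '; '
        }
    }
}

Test-RemediationGroupPlan -Entries $Planned -NpsName $NpsServer -ExcludedRoles $ConfigMgrRoles |
    Format-Table -AutoSize -Wrap
```

With the sample values, the `.example` names do not resolve, so those rows are reported as `Fix` alongside the management point entry; replace the sample list with your own servers before relying on the result.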
