Network Access Protection Commands for NPS

add remediationserver [ remediationservergroup = ] remediationservergroup [ address = ] address [ [ name = ] name ]

remediationservergroup

Required. Specifies the name of the remediation server group to which you want to add servers.

address

Required. Specifies the Fully Qualified Domain Name (FQDN) or IP address Of the remediation server that you want to add.

name

Optional. Specifies the friendly name of the remediation server that you want to add.

The following example adds a remediation server with the FQDN Server1.adatum.com to a remediation server group named Servers1. The friendly name for the server is Seattle Remediation server.

add remediationserver remediationservergroup = "Servers1" address = "Server1.adatum.com" name = "Seattle Remediation server"

add remediationservergroup [ name = ] name

name

Required. Specifies the name of the remediation server group that you want to add to the Network Policy Server (NPS) configuration.

add shvtemplate [ name = ] name [ [ id = ] id [ config = ] ALLMUSTPASS | ALLMUSTFAIL | ONEMUSTPASS | ONEMUSTFAIL ]

name

Required. Specifies the friendly name of the health policy.

id

Optional. Specifies one or more valid SHV IDs separated by a comma. If no ID is specified, all SHVs are selected.

config

Optional. Specifies the amount of SHVs that must pass or fail for the conditions of the network policy to be matched. If ALLMUSTPASS is designated, all SHVs configured in the health policy must pass for the conditions of the network policy to be matched. If ALLMUSTFAIL is designated, all SHVs configured in the health policy must fail for the conditions of the network policy to be matched. If ONEMUSTPASS is designated, one SHV configured in the health policy must pass for the conditions of the network policy to be matched. If ONEMUSTFAIL is designated, one SHV configured in the health policy must fail for the conditions of the network policy to be matched. The default is ALLMUSTPASS.

In the following example, a health policy named HealthPolicy1 is added to the NPS server configuration.

add shvtemplate name = "HealthPolicy1"

In Windows Server 2008 R2, this Netsh command is modified from the version in Windows Server 2008, and might provide different functionality. For more information, see Netsh Commands for Network Policy Server in Windows Server 2008 R2

delete remediationserver [ remediationservergroup = ] remediationservergroup [ address = ] address [ [ name = ] name ]

remediationservergroup

Required. Specifies the name of the remediation server group from which you want to delete a server.

address

Required. Specifies the FQDN or IP address of the remediation server that you want to delete.

name

Optional. Specifies the friendly name of the remediation server that you want to delete.

delete remediationservergroup [ name = ] name

name

Required. Specifies the name of the remediation server group that you want to delete from the NPS server configuration.

delete shvtemplate [ name = ] name

name

Required. Specifies the friendly name of the health policy that you want to delete.

rename remediationserver [remediationservergroup = ] remediationservergroup [ address = ] address [ newaddress = ] newaddress

remediationservergroup

Required. Specifies the name of the remediation server group that contains the remediation server that you want to rename.

address

Required. Specifies the FQDN or the IP address of the remediation server that you want to rename.

newaddress

Required. Specifies the new FQDN or IP address of the remediation server that you want to rename.

The following example changes the name of the remediation server Server1.adatum.com in the remote remediation server group Servers1 to Remediation-01.adatum.com.

rename remediationserver remediationservergroup = "Servers1" address = "Server1.adatum.com" newaddress = "Remediation-01.adatum.com"

rename remediationservergroup [ name = ] name [newname =] new name

name

Required. Specifies the name of the remediation server group that you want to rename.

newname

Required. Specifies the new name for the remediation server group.

The following example changes the name of a remediation server group from Servers1 to Servers2.

rename remediationservergroup name = Servers1 newname = Servers2

rename shvtemplate [ name = ] name [ newname = ] new name

Parameters

name

Required. Specifies the existing name of the health policy.

newname

Required. Specifies the new name for the health policy.

The following example changes the name of a health policy from HealthPolicy1 to HealthPolicy2.

rename shvtemplate name = "HealthPolicy1" newname = "HealthPolicy2"

reset remediationserver [ remediationservergroup = ] remediationservergroup

remediationservergroup

Required. Specifies the name of the remediation server group that contains the remediation server that you want to reset.

reset remediationservergroup

reset shv

reset shvtemplate

set remediationserver [ remediationservergroup = ] remediationservergroup [ address = ] address [ [ name = ] name ]

remediationservergroup

Required. Specifies the name of the remediation server group to which you want to add servers.

address

Required. Specifies the FQDN or IP address of the remediation server that you want to add.

name

Optional. Specifies the friendly name of the remediation server that you want to add.

set shv [ id = ] id [ [ unreachablepolicyserver = ] NONCOMPLIANT | COMPLIANT [ unreachableremediationserver = ] NONCOMPLIANT | COMPLIANT [ shafailure = ] NONCOMPLIANT | COMPLIANT [ napserverfailure = ] NONCOMPLIANT | COMPLIANT [ othererrors = ] NONCOMPLIANT | COMPLIANT ]

id

Required. Specifies the ID number of the SHV.

unreachablepolicyserver

Optional. Specifies the error that is returned when the SHV's policy server cannot be contacted. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.

unreachableremediationserver

Optional. Specifies the error that is returned when the system health agent (SHA) cannot contact the remediation server and cannot successfully update a noncompliant NAP client. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.

shafailure

Optional. Specifies the error that is returned when the SHA has an internal failure. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.

napserverfailure

Optional. Specifies the error that is returned when the NAP server produces an internal failure. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.

othererrors

Optional. Specifies all other errors in the NAP infrastructure. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.

The following example sets an SHV with the ID of 79744.

set shv id = "79744"

set shvtemplate [ name = ] name [ [ id = ] id [ config = ] ALLMUSTPASS | ALLMUSTFAIL | ONEMUSTPASS | ONEMUSTFAIL ]

name

Required. Specifies the friendly name of the health policy.

id

Optional. Specifies one or more valid SHV IDs separated by a comma. If no ID is specified, all SHVs are selected.

config

Optional. Specifies the amount of SHVs that must pass or fail for the conditions of the network policy to be matched. If ALLMUSTPASS is designated, all SHVs configured in the health policy must pass for the conditions of the network policy to be matched. If ALLMUSTFAIL is designated, all SHVs configured in the health policy must fail for the conditions of the network policy to be matched. If ONEMUSTPASS is designated, one SHV configured in the health policy must pass for the conditions of the network policy to be matched. If ONEMUSTFAIL is designated, one SHV configured in the health policy must fail for the conditions of the network policy to be matched. The default is ALLMUSTPASS.

In Windows Server 2008 R2, this Netsh command is modified from the version in Windows Server 2008, and might provide different functionality. For more information, see Netsh Commands for Network Policy Server in Windows Server 2008 R2

show napserverinfo

[ remediationservergroup = ] remediationservergroup

Remediationservergroup

Required. Specifies the name of the remediation server group in which the server(s) reside.

show remediationservergroup

show shv

show shvtemplate