Configure System Health Validators
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
System health validators (SHVs) define configuration requirements for NAP client computers. All SHVs include five error code conditions. If an error code is returned to the SHV, you can choose to have the SHV evaluate the client as either compliant or noncompliant. For more information about SHV error codes, see System Health Validators.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
Configure SHVs
When you install an SHV, it is added to the list of SHVs in the Network Policy Server (NPS) console and becomes available for use in health policies. The Windows Security Health Validator (WSHV) is available by default. Use the following procedure to configure the health requirements of an installed SHV.
Note
The Configure button referred to in the following procedure is not available on all SHVs. If this button is disabled, you must configure SHV requirements on a NAP health requirement server.
To configure system health validators in Windows Server 2008
On the NAP health policy server, click Start, click Run, type nps.msc, and then press ENTER.
In the NPS console tree, open Network Access Protection, and then click System Health Validators.
In the details pane, under Name, double-click the name of the SHV you want to configure.
To change the evaluation that is returned by NPS under specific error conditions, use the drop-down list next to each of the error conditions listed under Error code resolution. See the following example.
.gif)
For a description of these error conditions, see System Health Validators.
In the SHV properties window, click Configure.
The procedure to configure an SHV is unique to each SHV. Configuration choices for the WSHV are shown the following example.
.gif)
Click OK to close the SHV dialog box.
To configure system health validators in Windows Server 2008 R2
On the NAP health policy server, click Start, click Run, type nps.msc, and then press ENTER.
In the NPS console tree, open Network Access Protection, and then click System Health Validators.
In the NPS console tree, expand the name of the SHV you want to configure (for example, Windows Security Health Validator).
To configure error codes, in the NPS console tree, under the name of the SHV that you want to configure, right-click Error Codes, and then select Properties. Windows Security Health Validator dialog box opens. To change the evaluation that is returned by NPS under specific error conditions, you can use the drop-down list next to each of the available error conditions. For a description of these error conditions, see System Health Validators.
To configure SHV policy settings, in the NPS console tree, under the name of the SHV that you want to configure, click Settings.
If an SHV that you want to configure supports multi-configuration SHV, and you want to create additional settings, right-click Settings, click New, and then provide a friendly name for the new configuration.
If an SHV does not support multi-configuration SHV, and you want to configure its policy settings, right-click Default Configuration in the details pane, and select Properties.
Important
In Windows Server 2008 R2, when configuring WSHV (the default SHV that is available with Windows Server 2008 R2), whenever you create a new WSHV configuration, you must restart the Network Policy Server service. If you create a new WSHV configuration and do not restart the Network Policy Server service, and then select this new configuration to be applied to a compliant or a noncompliant health policy, this WSHV configuration is not applied to your health policy.