Configure Network Policy for Reporting Mode
Updated: February 29, 2012
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Reporting mode is one of the three primary phases of a NAP deployment. Data obtained from this stage allows you to estimate the impact to your user base when enforcement is enabled and to adjust policy settings or correct network infrastructure, as appropriate. Data also allows you to verify that NAP is working correctly and make infrastructure changes, if necessary. During this phase, NAP notifications are not presented to users and the network access of noncompliant client computers is not restricted. You can use the reporting mode stage to begin training technical support personnel. If your goals for deploying NAP are only to track overall client health and monitor elements of the security infrastructure that are leveraged by NAP system health agents (SHAs) and system health validators (SHVs), you might decide to leave your NAP deployment in reporting mode indefinitely.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To implement reporting mode, use a NAP enforcement setting of Allow full network access in noncompliant network policy.
Click Start, click Run, type nps.msc, and then press ENTER.
In the Network Policy Server console tree, open Policies\Network Policies.
In the details pane, under Policy Name, double-click the name of the network policy for noncompliant NAP client computers.
In the policy properties window, on the Settings tab, click NAP Enforcement, choose Allow full network access, and then click OK. See the following example.
Close the NPS console.