Export (0) Print
Expand All

How to Configure a Configuration Manager NAP Policy for a Zero-Day Exploit in Network Access Protection

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

A zero-day exploit usually means administrators must ensure clients have a critical software update installed as soon as possible, rather than incorporating this update into the standard administrative routine of updating computers.

In this scenario, Network Access Protection (NAP) in Configuration Manager 2007 can be configured so that selected software updates are enforced in an expedited manner, even if this results in restricted network access. This configuration involves setting the effective date to As soon as possible and also configuring the statement of health time validation option Date created must be after (UTC).

To configure a Configuration Manager NAP policy for a zero-day exploit

  1. Configure your Configuration Manager NAP policy with an effective date of As soon as possible.

  2. In the System Health Validator Point Component Properties, on the General tab, enable the option Date created must be after (UTC) and specify the date and time that you created the Configuration Manager NAP policy.

See Also

For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft