IT tutorials
 
Technology
 

System Center Configuration Manager 2007 : Patch Management - Using NAP to Protect Your Network (part 1) - NAP Prerequisites , Agent Settings

10/5/2013 1:48:10 AM
- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

A Windows 2008 server installed with the NPS role implements system health checks against Windows systems on the network. Those systems failing these health checks are subject to various actions, including the following:

  • Reported on

  • Denied access to the network

  • Placed into a quarantine status with limited network access

The Network Access Protection (NAP) functionality included in ConfigMgr 2007 extends the NAP functionality built in to Windows Server 2008, implementing a system health check based on the mandatory software updates configured in ConfigMgr. The next sections discuss this process.

NAP Prerequisites

ConfigMgr implements NAP using a new site system role—the System Health Validator (SHV) point. Install this new role on a Windows Server 2008 system that has the NPS role already installed. Perform the following steps on this system to install the SHV:

1.
In the ConfigMgr console, navigate to Site Database -> Site Management -> <Site Code> <Site Name> -> Site Settings -> Site Systems.

  • If the system running NAP is not currently a site system, right-click Site Systems and then choose New -> Server to launch the New Site System Server Wizard. Enter the name of the site system and the intranet-accessible FQDN of the NAP server.

  • If the NAP server already is a ConfigMgr site system, right-click the server and choose New Roles from the context menu. This launches the New Site Role Wizard, which looks and acts exactly like the New Site System Server Wizard, except the wizard has already filled in the site system name and intranet FQDN for you.

2.
For either wizard, choose Next and then choose System Health Validator Point from the list of available site roles.

3.
Click Next on each subsequent wizard page. There are no configuration options inside ConfigMgr itself.

Additionally, you must extend Active Directory for ConfigMgr . Extending AD is required because NAP uses the System container to store Health State References. The site server publishes Health State References used during client evaluation to ensure the most current policies are used.

On the client side, NAP only works with Windows Vista, Windows Server 2008, and Windows XP SP 3 (and above) clients. This is because only these operating systems include the NPS agent. Unfortunately, no download is available to make any other version of Windows work with NPS or NAP.

Agent Settings

By default, the NPS Client agent is disabled in a ConfigMgr site and must be enabled. Perform the following steps:

1.
In the ConfigMgr console, navigate to Site Database -> Site Management -> <Site Code> <Site Name> -> Site Settings -> Client Agents.

2.
Right-click Network Access Protection Client Agent and then select Properties.

The first page of the Network Access Protection Client Agent Properties dialog box has a single check box allowing you to enable (or disable) the agent.

On the Evaluation tab, displayed in Figure 1, you can configure three settings:

  • UTC (Coordinated Universal Time)— This configures the client agent to assess computer system health according to UTC time rather than client local time. This setting is beneficial for those clients that roam between time zones, and ensures reevaluations are performed on a fixed time scale rather than a variable one caused by the client moving between the time zones.

  • Force a fresh scan for each evaluation— This option ensures cached evaluation results are not used when a client reconnects to a network in between configured evaluation times. Forcing an additional scan can cause delays in connecting to the network, which can adversely affect mobile systems.

  • Schedule— This section of the page lets you set either a simple or a detailed schedule of when you want to perform a system health check.

Figure 1. Configuring NAP Client agent properties


Similar to other ConfigMgr Client agents, the NPS Client agent settings are sitewide without a direct way to override them for individual systems.

 
Others
 
- Implementing Edge Services for an Exchange Server 2007 Environment : Managing and Maintaining an Edge Transport Server
- Implementing Edge Services for an Exchange Server 2007 Environment : Implementing Safelist Aggregation for Outlook 2003 and Outlook 2007
- Implementing Edge Services for an Exchange Server 2007 Environment : Using EdgeSync to Synchronize Active Directory Information to the Edge Transport Server
- Implementing Edge Services for an Exchange Server 2007 Environment : Using Address Rewriting to Standardize on Domain Address Naming for an Organization
- Implementing Edge Services for an Exchange Server 2007 Environment : Using Sender Reputation to Filter Content
- Microsoft Systems Management Server 2003 : Creating Collections (part 3) - Creating Subcollections, Unlinking Subcollections
- Microsoft Systems Management Server 2003 : Creating Collections (part 2) - Creating a Query-Based Collection
- Microsoft Systems Management Server 2003 : Creating Collections (part 1) - Creating a Direct Membership Collection
- Microsoft Systems Management Server 2003 : Collections - Defining Collections
- Introducing Microsoft Exchange Server 2013 : Useful utilities - MFCMAPI
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us