http://sccmnap.com/forums/4.aspxDiscussions around using ConfigMgr 2007 and integrating with the Widnows 2008 Network Access Protection Infrastructure. enCommunityServer 2007.1 (Build: 20917.1142)http://sccmnap.com/forums/thread/1.aspxMon, 07 Jan 2008 04:23:38 GMT2906aec6-345a-4fc4-b62b-e5a781cb4abd:1Richard Dixon0http://sccmnap.com/forums/thread/1.aspxhttp://sccmnap.com/forums/commentrss.aspx?SectionID=4&PostID=1<p class="MsoNormal" style="MARGIN:0in 0in 10pt;"><font face="Calibri" size="3">The way to: <b style="mso-bidi-font-weight:normal;">quoting a question i found;</b>&nbsp;“</font><span style="FONT-SIZE:7pt;COLOR:black;LINE-HEIGHT:115%;FONT-FAMILY:&#39;Arial&#39;,&#39;sans-serif&#39;;mso-fareast-font-family:&#39;Times New Roman&#39;;">how you&#39;d remediate the clients if there isn&#39;t a policy from the Longhorn server which tells the client to use an SCCM distribution point setup in the remediation network for updates,</span><font face="Calibri" size="3">” to answer this question, after having a Configuration Manger 2007 site setup and running properly and your Network Policy Server setup and running how you like, from the ConfigMgr 2007 console, install a ConfigMgr system health validator on the server running Network Policy Server, you must first add the computer account of the Site server (<i style="mso-bidi-font-style:normal;">Central Site</i>)<span style="mso-spacerun:yes;">&nbsp; </span>in the local administrators group on the Network Policy Server. After the installation of the ConfigMgr system health validator is successfully installed, you can then view and use the ConfigMgr system health validator in the Network Policy Server in the same manner as you do with the Windows system health validator. You can enable both or either. When you use the ConfigMgr system health validator, you’ll then have that option to tell clients to remediate with the ConfigMgr as the method to apply the updates required. From the Network Policy Server side, “I call it the NAP side of administration” you would only be able to configure policies to say what to remediate with (Windows or ConfigMgr) then that component would take over and do its job it was designed to do. From within the ConfigMgr 2007 console, “I call it the SCCM side of administration” you would configure ConfigMgr how you intend to manage and deploy updates to your desktops, what distribution points to use and management points. So once the ConfigMgr client gets a signal to remediate based on the systems non compliance matching configured policies in the Network Policy Server, the ConfigMgr client knows what to do and what distribution points to used based on configuration settings on the SCCM side of administration. In order for client be deemed non compliant for not having a particular update or updates, that update or updates must have what is called and Network Access Protection Enforcement policy applied to it from within the Configuration Manager 2007 console for client to know what updates must be installed in or to be compliant for Network Access Protection. </font></p>