Network Access Protection Client Agent Properties: Evaluation Tab
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
These settings define how clients that support Network Access Protection (NAP) in Configuration Manager 2007 evaluate their compliance to produce a statement of health (SoH). NAP evaluation occurs by default when the client attempts to connect to the network, and on a recurring schedule.
For more information about the statement of health, see About the Statement of Health (SoH) in Network Access Protection.
If you change the default evaluation schedule in this dialog box, ensure that you configure a value that is lower than the configured statement of health validity period on the System Health Validator point. If the compliance evaluation on the client occurs less frequently than the validity period, clients will be found non-compliant by the System Health Validator point.
In this scenario, remediation will instruct clients to re-evaluate their compliance and produce a current statement of health. This process might take a few minutes to complete, so if you are enforcing compliance with limited network access, computers will not be able to access network resources during this re-evaluation time.
This tab contains the following elements:
UTC (Coordinated Universal Time)
This setting defines whether clients evaluate their compliance with Configuration Manager 2007 NAP policies according to coordinated universal time (the default) or local time. Select this option if you want all clients in the site to use coordinated universal time. Cancel this selection if you want all clients in the site to use their configured local time.
The default setting is UTC (Coordinated Universal Time).
Force a fresh scan for each evaluation
Selecting this setting is the most secure configuration, but will result in a delay for connecting clients as they wait for their NAP evaluation to complete.
If this option is not selected, clients will return the cached results from their most recent NAP evaluation. How current that cached information is depends on the schedule configured in this dialog box.
The default setting is to not force a fresh scan for each evaluation.
By default, NAP-capable clients reevaluate their statement of health with a simple schedule of every day, but this can be modified by changing the frequency and interval. Alternatively, you can select to configure a custom schedule.
Make sure that this setting is lower than the configured validity period on the System Health Validator point, or clients will more frequently go into remediation to produce a new statement of health. For more information about configuring the validity period, see How to Specify the Validity Period for the Statement of Health.
- Custom schedule
This allows you to configure a start date and time for NAP reevaluation, with recurrence settings. To configure the custom schedule, click Customize.
When the Custom schedule is selected, this allows you to configure a start date and time with a recurrence pattern.
Saves the changes and exits the dialog box.
Exits the dialog box without saving any changes.
Saves the changes and remains in the dialog box.
About the NAP Client Status in Network Access Protection
About Compliance for Network Access Protection in Configuration Manager
About NAP Evaluation in Network Access Protection
About System Health Validator Points in Network Access Protection
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.