Determine If You Should Install a System Health Validator Point for Network Access Protection
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Install a System Health Validator point in the Configuration Manager 2007 site if all of the following conditions apply:
Configuration Manager can publish to Active Directory Domain Service.
You want to enforce compliance of software updates using Network Access Protection (NAP) for one or more sites in your Configuration Manager hierarchy.
The Windows infrastructure is in place for NAP, including Network Policy Servers on Windows Server 2008.
One or more sites in the Configuration Manager 2007 hierarchy will be enabled for NAP, and in this site some Configuration Manager clients support NAP.
A computer is running Windows Server 2008 and is configured as a Network Policy Server in the Configuration Manager site.
If you are using NAP with Configuration Manager, you do not necessarily need a System Health Validator point in each Configuration Manager site. You will need to coordinate with the administrators for Network Policy Servers in deciding the number and location of System Health Validator points in the Configuration Manager hierarchy.
Generally, you will need to install a System Health Validator point on all servers running Network Policy Server and that are configured with policies for NAP. If all these servers are in a single Configuration Manager site, it will be easier to configure them because all System Health Validator points in a single Configuration Manager site share the same configuration. If possible, install them in the highest primary site or in your central site, where you create your Configuration Manager NAP policies. However, if you need different configurations for your System Health Validator points, you must install them in different sites.
Configuration Manager does not assign clients to System Health Validator points; this process is handled by the Windows NAP infrastructure.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.