Configure Health Policies

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Health policies define which system health validators (SHVs) are evaluated, as well as how they are used to evaluate the health status of NAP client computers. Based on the results of SHV checks, health policies classify client health status. When you create a health policy, you can select one of seven SHV checks and enable one or more installed SHVs. For more information, see Health Policies.

Note

Health policies are not automatically enforced. To enforce a health policy, it must be added as a condition in network policy.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Configure health policies for NAP

When you use the NAP configuration wizard, health policies are created for you automatically. Use the following procedures to create new health policies or to modify an existing health policy.

To create a new health policy

  1. On the NAP health policy server, click Start, click Run, type nps.msc, and then press ENTER.

  2. In the Network Policy Server console tree, open Polices\Health Policies.

  3. Right-click Health Policies, and then click New.

  4. In the Create New Health Policy dialog box, under Policy name, type a friendly name for the new health policy.

  5. Under Client SHV checks, use the drop-down list to choose the requirements that NAP client computers must meet to match this health policy.

  6. Under SHVs used in this health policy, select the check box next to the SHVs that will be used to evaluate NAP client computers in this health policy. Clear the check box next to the name of an SHV to disable its use in this health policy.

Note

If your computer is running Windows Server 2008 R2, and if the SHV that is used in this health policy has multiple configurations, you can use the drop-down list under Settings and next to the SHV, to select a specific configuration. For more information about multi-configuration SHV, see Choose a Compliance Strategy at https://go.microsoft.com/fwlink/?LinkID=167448.

  1. Click OK, and then confirm that the new health policy is added to the list of policies under Policy Name.

To edit or delete an existing health policy

  1. On the NAP health policy server, click Start, click Run, type nps.msc, and then press ENTER.

  2. In the Network Policy Server console tree, open Polices\Health Policies.

  3. Click Health Policies, and then under Policy Name, right-click the name of a heath policy you want to modify.

    • To rename a health policy, click Rename, and then type a new name for the policy.

    • To delete a health policy, click Delete, and then click OK.

    • To modify a health policy, click Properties, and use the steps in the preceding procedure to change policy settings. Click OK to save your changes.

See Also

Concepts

Network Policies
System Health Validators