A Configuration Manager 2007 Network Access Protection (NAP) policy defines which software updates a NAP-capable client must have by a specified date to be compliant.
There are a number of ways that you can create a NAP policy in Configuration Manager. If you are using role separation in Configuration Manager such that administrators who create and manage NAP policies do not also create and manage the software updates feature, then Configuration Manager NAP policies should be created with the New Policies Wizard only. This wizard is initiated from the Policies node under the Network Access Protection Node in the Configuration Manager console.
Note |
---|
For more information about role separation for NAP in Configuration Manager, see Determine Administrator Roles and Processes for Network Access Protection. |
However, if the same administrators create and manage both software updates and NAP in Configuration Manager, use the following table to help you decide how to create Configuration Manager NAP policies.
Method of Creating NAP Policy | When to Use This Method | ||
---|---|---|---|
Use the New Policies Wizard that is initiated from the Policies node under the Network Access Protection node in the Configuration Manager console. |
If you are deploying a NAP policy as an expedited deployment, for example, to urgently protect computers from a zero-day exploit, you might find that using the New Policies Wizard is quicker than using one of the methods that are initiated from the Software Updates node. If you are deploying NAP policies after software update deployments or packages have been configured, you might find that using the New Policies Wizard is quicker than using one of the methods that are initiated from the Software Updates node. |
||
Use the Deploy Software Update Wizard when creating a software deployment. |
If all the software updates in a deployment will be selected for a NAP policy that share the same Effective Date. If you are deploying NAP polices as a phased deployment, with the Effective Date in the policy configured to be a set period of time after the configured deadline for the software update deployment. |
||
Modify the properties of a software update in the update repository. |
If you find it easier to locate the software updates you want to include in NAP policies using the Update Repository node. For example, you use the update classifications or products to quickly find the software updates you require for NAP policies.
|
||
Modify the properties of a software update in a software update deployment package. |
If you find it easier to locate the software updates you want to include in NAP policies using Deployment Packages under the Software Updates node. For example, the software updates you want to include in NAP policies are downloaded but not configured in software update deployments. |
||
Modify the properties of a software update in a software update deployment |
If you find it easier to locate the software updates you want to include in NAP policies using Deployment Management under the Software Updates node. For example, you have already created the software update deployment and later want to create NAP policies for all the software updates in the deployment. |
||
Modify the properties of software updates that are displayed in software updates search folders. |
If you find it easier to locate the software updates you want to include in NAP policies using search folders under the Update Repository node. For example, you have already identified critical software updates that you want to add to NAP policies and created a search folder for them. |
For procedural information on how to create Configuration Manager NAP policies using each of these methods, see How to Create a Configuration Manager NAP Policy for Network Access Protection.