When all your site servers that are enabled for Network Access Protection (NAP) and System Health Validator points reside in the same Active Directory forest, no additional Network Access Protection configuration is required to support Network Access Protection in Configuration Manager 2007. However, Active Directory Domain Services must be extended with the Configuration Manager 2007 schema extensions and the site servers must be publishing to Active Directory Domain Services.

Network Access Protection is one of many Configuration Manager features that integrate with Active Directory Domain Services, so these configuration procedures might have already been performed.

Note
If your Network Access Protection implementation in Configuration Manager spans multiple forests, you will have additional configuration steps to perform forConfiguration Manager and Active Directory Domain Services. See the following for more information: About Network Access Protection and Multiple Active Directory Forests.

When your Configuration Manager hierarchy is entirely in one Active Directory forest, there are fewer configuration tasks you must perform to support Network Access Protection in Configuration Manager and the following default values will be used:

However, if you have not already done so for other Configuration Manager features, you must provision Active Directory and configure Configuration Manager to publish to Active Directory Domain Services.

To deploy Network Access Protection in Configuration Manager for a single forest, the following steps must be completed:

  1. The Active Directory schema must be extended with the Configuration Manager 2007 schema extensions.

  2. A System Management container must be created in each domain for each primary site that will be enabled for Network Access Protection.

  3. Permissions must be set appropriately on the System Management container for each site server.

  4. Each primary site in Configuration Manager enabled for Network Access Protection must be configured to publish to Active Directory Directory Domain Services.

For procedural information on completing steps 1 through to 3, see How to Extend the Active Directory Schema for Configuration Manager.

For procedural information on completing step 4, see How to Publish Configuration Manager Site Information to Active Directory Domain Services.

See Also