Enabling the Network Access Protection client agent makes it possible for Configuration Manager 2007 clients that support Network Access Protection (NAP) and are assigned to this site to evaluate software updates for their statement of health. Configuration Manager 2007 can also monitor clients that are in remediation for any NAP policy defined on the Network Policy Server.

After enabling the Network Access Protection client agent, you can then create, modify, and delete NAP policies for selected downloaded software updates in the Policies node under Network Access Protection.

If you do not have a System Health Validator point for computers in this site, non-compliant computers in this site cannot have Configuration Manager NAP policies enforced and cannot be restricted through Network Access Protection.

Note
If you cannot see the Policies node under Network Access Protection after enabling Network Access Protection, refresh the node Network Access Protection.

Before enabling the Network Access Protection client agent, ensure that clients have the Windows Network Access Protection Agent service started and set to automatic, and that the Windows Network Access Protection infrastructure is in place. For more information, see Administrator Checklist: Configure Network Access Protection for Configuration Manager.

To enable the Network Access Protection Client Agent

  1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site code> – <site name>/ Site Settings / Client Agents.

  2. Right-click Network Access Protection Client Agent, and then click Properties.

  3. On the General tab, enable the option Enable Network Protection on clients.

  4. Click OK.

See Also