Use the Health State Reference tab of the Configuration Manager 2007 System Health Validator Point Component properties dialog box to specify configuration relating to the Configuration Manager 2007 health state references, which are used by System Health Validator points to validate a client statement of health.
For more information about the health state references, see About NAP Health State References in Network Access Protection.
 Important |
|---|
| The Active Directory forest that will contain the published health state references must be extended with the Configuration Manager 2007 schema extensions, have a System Management container, and have Configuration Manager 2007 configured to publish to Active Directory Domain Services. For information about how to extend the Configuration Manager 2007 schema and publish to Active Directory Domain Services, see How to Extend the Active Directory Schema for Configuration Manager |
| Important |
|---|
| If you modify settings in this tab, they will take effect on the next query interval, which is defined on the General tab for the System Health Validator Point Component Properties dialog box. |
This tab contains the following elements:
- Use the same Active Directory forest
- Specifies that the site server and System Health Validator points for this site are in the same Active Directory forest.This is the default setting.
- Designate an Active Directory forest
- Specifies that the site server and System Health Validator points for this site are not in the same Active Directory forest. When this option is selected, you must also specify the domain suffix where health state references are published, and health state reference accounts if computer accounts cannot be used.For more information about deploying Network Access Protection across multiple Active Directory forests, see About Network Access Protection and Multiple Active Directory Forests.To help you decide which Active Directory forest to designate, see Decide Which Forest Will Publish Health State References for Network Access Protection.This option is not enabled by default.
- Domain suffix
- Specifies the fully qualified domain for the published health state references. You must specify this if you are designating an Active Directory forest.This option is not enabled by default.
- Health state reference publishing account
- Specifies a Microsoft Windows user account in the designated
Active Directory forest if any of the following apply:
- The designated forest is not the same forest
as the site server.
- There is no trust relationship between the
site server's domain and the Domain suffix.
- There is a trust relationship between the
site server's domain and the Domain suffix, but Full Control
permission has not be granted to the System Management Active
Directory container for the site server's computer account.
- The designated forest is not the same forest
as the site server.
- Health state reference querying account
- Specifies a Windows user account in the designated Active
Directory forest if any of the following apply:
- The designated forest is not the same forest
as the System Health Validator points.
- There is no trust relationship between the
System Health Validator points and the Domain suffix.
- The Windows account must be specified in the
form: domain\user.
- The designated forest is not the same forest
as the System Health Validator points.
- OK
- Saves the changes, and exits the dialog box.
- Cancel
- Exits the dialog box without saving any changes
- Apply
- Saves the changes and remains in the dialog box.
- Help
- Opens the help topic for this tab of the dialog box.
See Also
Concepts
About NAP Health State References in Network Access ProtectionAbout System Health Validator Points in Network Access Protection
System Health Validator Point: Validation Process for Network Access Protection