When a Configuration Manager 2007 Network Access Protection (NAP) policy is created or modified, the site system writes a NAP health state reference to Active Directory Domain Services so that the System Health Validator point can use it to validate the client statement of health.
If you do not specify a health state reference publishing account, the site server computer account is used, which is appropriate if the site server resides in the same Active Directory forest as the health state reference. However, if you are using a designated Active Directory forest and the site server does not have permission to write to the domain suffix specified, you must specify a Microsoft Windows user account for the health state reference publishing account.
This user account must have Full Control permissions to the System Management container (and all child objects) in the health state reference location.
Important |
---|
The Active Directory forest that will contain the health state reference must be extended with the Configuration Manager 2007 schema extensions, have a System Management container, and Configuration Manager 2007 must be configured to publish to Active Directory Domain Services. For information about how to extend the Configuration Manager 2007 schema and publish to Active Directory, see How to Extend the Active Directory Schema for Configuration Manager. |
To specify the health state reference publishing account
-
In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site code> – <site name> / Site Settings / Component Configuration, right-click System Health Validator Point Component, and then click Properties.
-
On the Health State Reference tab, under the section Active Directory forest settings, click the Set button next to the Health state reference publishing account.
-
In the Windows User Account dialog box, specify the account to use, type in the password and password verification, and click OK.
-
Click OK to close the System Health Validator Component Properties dialog box.
Note |
---|
For more information about the options in this dialog box, see System Health Validator Point Component Properties: Health State Reference Tab. |
See Also
Tasks
How to Specify the Health State Reference Querying AccountHow to Specify the Location of the NAP Health State Reference
Concepts
About Network Access Protection and Multiple Active Directory ForestsAbout NAP Health State References in Network Access Protection
Network Access Protection Accounts
About System Health Validator Points in Network Access Protection