Use the General tab of the Configuration Manager 2007 System Health Validator Point Component properties to specify settings relating to the general operation of all System Health Validator points in the site.
Important |
---|
If you modify settings in this tab, they will take effect on the next query interval, which is defined on this tab. |
This tab contains the elements listed in the following table.
- Query interval (minutes)
- Specifies in minutes how often System Health Validator points retrieve and cache Configuration Manager health state references from Active Directory Domain Services. The information is retrieved with a Lightweight Directory Access Protocol (LDAP) call to a global catalog.
  The lower the value, the more quickly the System Health Validator will detect changes to the Configuration Manager NAP policies; however, clients are more likely to be found non-compliant even though they have all the required software updates specified in the Configuration Manager NAP policies. In this scenario, if policies on the Network Policy Server are configured to give non-compliant clients limited network access, clients will not have full network access until they have downloaded their Configuration Manager NAP policies, re-evaluated their compliance, and then sent a new statement of health to the System Health Validator point. This process can take a few minutes.
  The higher the value, the less likely clients will be found non-compliant when they have all the required software updates specified in the Configuration Manager NAP policies. In this scenario, clients will not risk having limited network access to download their Configuration Manager NAP policies and re-evaluate compliance. However, a higher value might mean that clients are deemed compliant when they haven't evaluated compliance with the latest Configuration Manager NAP policies.
  A recommended setting to reduce the likelihood of clients that have the selected software updates having limited network access, but to ensure that compliance results are based on the latest Configuration Manager NAP policies, is to configure this option to be twice the value specified for the Policy polling interval in the Computer client agent properties (by default, this is set to once an hour). This setting can be between 1 and 10080 minutes, and the default value is 120 minutes.
- Validity period (hours)
- Specifies the length of time in hours for which a cached client
statement of health will be accepted as compliant by System Health
Validator points. If the client statement of health is older than
the validity period, the System Health Validator point returns a
health state of non-compliant to the Network Policy Server. In this
scenario, if policies on the Network Policy Server enforce
compliance, the client is forced to re-evaluate its compliance
status and present a new statement of health. Therefore, a longer
validity period results in quicker processing (and connecting
times), but the compliance information might not be up to date. This
setting can be between 1 and 168 hours, and the default value is 26
hours.
Important: If you change the default validity period, ensure that you configure a value that is higher than the configured evaluation schedule on the Network Access Protection client agent. If the compliance evaluation on the client occurs less frequently than the validity period, clients will be found non-compliant by the System Health Validator point. In this scenario, remediation will instruct clients to re-evaluate their compliance and produce a current statement of health. This process might take a few minutes to complete, so if policies on the Network Policy Server are configured to limit network access for non-compliant computers, computers will not be able to access network resources on the full network during this re-evaluation time.
- Date created must be after (UTC)
- Specifies whether you want to ensure a client statement of health is created after a specified date and time (in Coordinated Universal Time). After selecting this option, select the date and time. The date and time cannot be set to a future value but must be the current or a previous date and time.
  Setting this option is appropriate if you have just configured a new Configuration Manager Network Access Protection (NAP) policy and it is imperative that the software update selected in the policy is included in the evaluation, regardless of the validity period.
  This option is not enabled by default.
- OK
- Saves the changes, and exits the dialog box.
- Cancel
- Exits the dialog box without saving any changes.
- Apply
- Saves the changes, and remains in the dialog box.
- Help
- Opens the help topic for this tab of the dialog box.
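The constraints described for Query interval, Validity period, and Date created must be after can be checked before they are entered in the dialog box. The following is an added example, not Configuration Manager code: it models the documented ranges, the recommended ratio, and the statement of health freshness checks in plain Python. The function and parameter names are hypothetical, the 24-hour client evaluation schedule and all sample timestamps are constructed, and treating a statement of health that predates the cutoff as not accepted is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Ranges taken from the tab description above.
QUERY_INTERVAL_RANGE = (1, 10080)   # minutes
VALIDITY_PERIOD_RANGE = (1, 168)    # hours


def check_settings(query_interval_min, validity_hours, policy_polling_min,
                   nap_eval_interval_hours, created_after=None, now=None):
    """Return a list of findings for a proposed General tab configuration."""
    now = now or datetime.now(timezone.utc)
    findings = []
    lo, hi = QUERY_INTERVAL_RANGE
    if not lo <= query_interval_min <= hi:
        findings.append("query interval outside 1-10080 minutes")
    elif query_interval_min != 2 * policy_polling_min:
        findings.append("query interval is not twice the policy polling interval")
    lo, hi = VALIDITY_PERIOD_RANGE
    if not lo <= validity_hours <= hi:
        findings.append("validity period outside 1-168 hours")
    elif validity_hours <= nap_eval_interval_hours:
        findings.append("validity period not higher than client evaluation schedule")
    if created_after is not None and created_after > now:
        findings.append("'Date created must be after' is in the future")
    return findings


def soh_accepted(soh_created, now, validity_hours, created_after=None):
    """Model of the freshness checks: True if the cached SoH is still usable."""
    if now - soh_created > timedelta(hours=validity_hours):
        return False   # older than the validity period -> non-compliant
    if created_after is not None and soh_created <= created_after:
        return False   # predates the cutoff (assumed to be not accepted)
    return True


if __name__ == "__main__":
    now = datetime(2009, 3, 10, 12, 0, tzinfo=timezone.utc)   # constructed
    print(check_settings(120, 26, 60, 24, now=now))   # defaults
    print(check_settings(30, 12, 60, 24, now=now))    # too aggressive
    soh = now - timedelta(hours=20)                   # constructed SoH time
    print(soh_accepted(soh, now, 26))
    print(soh_accepted(soh, now, 26, created_after=now - timedelta(hours=2)))
```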
See Also
Tasks
How to Configure a Configuration Manager NAP Policy for a Zero-Day Exploit in Network Access Protection
How to Configure NAP Evaluation Settings
How to Install the System Health Validator Point
Concepts
About Compliance for Network Access Protection in Configuration Manager
About Configuration Manager NAP Policies in Network Access Protection
About Enforcing Compliance with Network Access Protection
About NAP Health State References in Network Access Protection
About the NAP Client Status in Network Access Protection
About the Statement of Health (SoH) in Network Access Protection
About System Health Validator Points in Network Access Protection
System Health Validator Point: Validation Process for Network Access Protection