Topic last updated—May 2008
Network Access Protection (NAP) in Configuration Manager 2007 creates external dependencies as well as dependencies within the product.
Dependencies External to Configuration Manager 2007
Dependency | More Information
---|---
Network Access Protection (NAP) enforcement technology installed and configured appropriately for one or more of the following: DHCP, IPsec, VPN, or 802.1X. | Documentation published on the Network Access Protection Web site (http://go.microsoft.com/fwlink/?LinkId=59125)
One or more Network Policy Servers configured appropriately with remediation server groups, health policies, connection request policies, and network policies. | Configuring the Network Policy Server for Configuration Manager
NAP-capable clients (such as Windows Vista, Windows Server 2008, or computers running Windows XP Service Pack 3). |
Perimeter devices are configured to allow traffic between communicating servers. | Determine the Ports Required by Firewalls to Support Network Access Protection
Configuration Manager 2007 Dependencies
Dependency | More Information
---|---
The site must be running Configuration Manager 2007 and be enabled for Network Access Protection. | To enable the site for Network Access Protection, you must enable the Network Access Protection client agent. This client agent is not enabled by default. For more information, see How to Enable the Network Access Protection Client Agent.
Clients must be Configuration Manager 2007 clients. | Clients running Systems Management Server (SMS) 2003 are not supported.
An Active Directory forest has the schema extended with the Configuration Manager schema extensions, and it is provisioned with a System Management container in at least one domain. | The site server publishes Configuration Manager NAP health state references to Active Directory Domain Services, and these are retrieved by the System Health Validator point. Publishing to Active Directory Domain Services requires that the schema is extended, but you can elect which forest to use. For more information, see About Network Access Protection and Multiple Active Directory Forests.
The Configuration Manager sites enabled for Network Access Protection are configured to publish site information to Active Directory Domain Services. | How to Publish Configuration Manager Site Information to Active Directory Domain Services
At least one System Health Validator point is installed on a computer running Windows Server 2008 that has the Network Policy Server role. | How to Install the System Health Validator Point
The software updates feature is configured and has software update deployment packages. | Although the software updates client agent does not need to be enabled on the site, you must have in place the software updates infrastructure, such as a software update point and software update deployment packages hosted on distribution points. For more information, see the following topics:
Reporting Point Site System | The reporting point site system role must be installed before Network Access Protection reports can be displayed. For more information about creating a reporting point, see How to Create a Reporting Point.
See Also
Concepts
About Software Update Deployment Packages
About Enabling and Disabling Network Access Protection
About the NAP Client Status in Network Access Protection
About Configuration Manager NAP Policies in Network Access Protection
About System Health Validator Points in Network Access Protection