Topic last updated -- August 2007

When you are configuring the Network Policy Server for Configuration Manager Network Access Protection, you will need to configure three network policies: a compliant policy, a non-compliant policy, and a NAP-ineligible policy.

You can either modify existing network policies or create new ones for Configuration Manager.

The following sections list the properties required in a network policy that relate to Configuration Manager Network Access Protection.

Compliant Network Policy

  • On the Overview tab, select Policy enabled.

  • On the Overview tab, select the access permission of Grant Access. Grant access if the connection request matches this policy.

  • On the Conditions tab, add the condition of Health Policies, select the Compliant health policy created earlier, and then click OK.

  • On the Constraints tab, for DHCP and IPsec enforcement only, click Perform machine health check only. Note that this setting should not be selected if you are using VPN or 802.1X as your enforcement mechanism.

  • On the Settings tab, click NAP Enforcement under the section Network Access Protection, click Allow full network access, and then click OK.

Non-Compliant Network Policy

  • On the Overview tab, select Policy enabled.

  • On the Overview tab, select the access permission of Grant Access. Grant access if the connection request matches this policy.

  • On the Conditions tab, add the condition of Health Policies, select the Non-Compliant health policy created earlier, and then click OK.

  • On the Constraints tab, for DHCP and IPsec enforcement only, click Perform machine health check only. Note that this setting should not be selected if you are using VPN or 802.1X as your enforcement mechanism.

  • On the Settings tab, click NAP Enforcement under the section Network Access Protection, and then click one of the following:

    • Allow full network access for a limited time, and then use the Date and Time options to set when computers should have restricted network access if their health state remains non-compliant.

    • Allow limited access if you want non-compliant computers to connect to the restricted network immediately.

  • On the Settings tab, click NAP Enforcement, click Configure in the section Remediation Server Group and Troubleshooting URL, and in the Remediation Servers and Troubleshooting URL dialog box specify the following, and then click OK:

    • In the section Remediation Server Group, select the remediation server group you created earlier, which contains infrastructure servers such as DNS servers.

    • In the section Troubleshooting URL, type in the link to a Web page accessible from the restricted network you want users to see when they are in remediation.

Note
There is no need to select the option Enable auto-remediation of client computers in the section Auto remediation. Network Access Protection in Configuration Manager always automatically remediates non-compliant clients when the health policy is configured for either Allow full network access for a limited time or Allow limited access. However, you might need to select this check box for non-Configuration Manager System Health Agents and System Health Validators.

NAP-Ineligible Network Policy

  • On the Overview tab, select Policy enabled.

  • On the Overview tab, select the access permission of Grant Access. Grant access if the connection request matches this policy.

  • On the Conditions tab, add the condition of NAP-Capable Computers, select Only computers that are not NAP-capable, and then click OK.

  • On the Constraints tab, for DHCP and IPsec enforcement only, click Perform machine health check only. Note that this setting should not be selected if you are using VPN or 802.1X as your enforcement mechanism.

  • On the Settings tab, click NAP Enforcement under the section Network Access Protection, click Allow full network access, and then click OK.
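After all three policies have been created, the following PowerShell script gives a quick way to confirm from the NPS server that each of them exists and is enabled. It is an added example and not part of this topic or of Configuration Manager; it uses the real `netsh nps export` command, but the policy names are placeholders for the names you chose, and the layout assumed for the export file (a NetworkPolicy node whose children are the policies, each with a `name` attribute and a `Properties/Policy_Enabled` value of 1) should be checked against an export from your own server before relying on the result.

```powershell
# Added example (not from the original topic): export the local NPS configuration and
# check that the three Configuration Manager NAP network policies exist and are enabled.
# Assumptions: the policy names below are placeholders for your own, and the export-file
# layout (NetworkPolicy/Children/<policy> with a name attribute and Properties/Policy_Enabled)
# is assumed from typical NPS export files; confirm it against your own export.

$expectedPolicies = @(
    'ConfigMgr NAP Compliant',      # placeholder: your compliant policy name
    'ConfigMgr NAP Non-Compliant',  # placeholder: your non-compliant policy name
    'ConfigMgr NAP-Ineligible'      # placeholder: your NAP-ineligible policy name
)

$exportPath = Join-Path $env:TEMP 'nps-export.xml'

# exportPSK=NO keeps RADIUS shared secrets out of the file; it is deleted again below.
& netsh nps export filename="$exportPath" exportPSK=NO | Out-Null
if (-not (Test-Path $exportPath)) {
    throw "NPS export failed; run this from an elevated prompt on the NPS server."
}

try {
    [xml]$nps = Get-Content -Path $exportPath -Raw

    # Each child of the NetworkPolicy node is one network policy (assumed layout).
    $found = @{}
    foreach ($node in $nps.SelectNodes('//NetworkPolicy/Children/*')) {
        $name    = $node.GetAttribute('name')
        $enabled = $node.SelectSingleNode('Properties/Policy_Enabled')
        $found[$name] = ($null -ne $enabled -and $enabled.InnerText.Trim() -eq '1')
    }

    $problems = @()
    foreach ($policy in $expectedPolicies) {
        if (-not $found.ContainsKey($policy)) {
            $problems += "Missing network policy: $policy"
        }
        elseif (-not $found[$policy]) {
            $problems += "Network policy is not enabled: $policy"
        }
    }

    if ($problems) {
        $problems | ForEach-Object { Write-Warning $_ }
    }
    else {
        Write-Output 'All three NAP network policies exist and are enabled.'
    }
}
finally {
    # The export contains the full NPS configuration; do not leave it on disk.
    Remove-Item -Path $exportPath -Force -ErrorAction SilentlyContinue
}
```

The script only verifies presence and the Policy enabled setting from the Overview tab; the access permission, conditions, constraints and NAP Enforcement settings described above still need to be reviewed in the Network Policy Server console.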
