To verify that Network Access Protection (NAP) in Configuration Manager 2007 is successfully remediating non-compliant Configuration Manager 2007 clients, you can use either of the following procedures:
- Use the Network Access Protection client
notification.
- Look for specific state message changes
logged on the client.
To verify that clients are successfully remediated using the Network Access Protection client notification
-
When the Network Access Protection client notification appears, click it to watch its progress and for confirmation of remediation.
NoteIf the computer is remediating on the full network for a limited time, the Network Access Protection notification will not appear unless there is a remediation failure or if a restart is required for remediation to complete.
To verify that clients are successfully remediated using client logging
-
Locate the client log file %windir%\system32\CCM\Logs\StateMessage.log.
-
Look for the state message changes with Type="200" IDType="200"/><State ID="2" (which means the client is entering deferred enforcement state) or Type="200" IDType="200"/><State ID="3" (which means the client is entering restricted access state) changing to Type="200" IDType="200"/><State ID="1" (which means the client is entering unrestricted access state).
If you confirm these state message changes exist in the log file, the client is successfully remediated. If these state message changes are not present, the client is not successfully remediated.