A zero-day exploit usually means administrators must ensure clients have a critical software update installed as soon as possible, rather than incorporating this update into the standard administrative routine of updating computers.
In this scenario, Network Access Protection (NAP) in Configuration Manager 2007 can be configured so that selected software updates are enforced in an expedited manner, even if this results in restricted network access. This configuration involves setting the effective date to As soon as possible and also configuring the statement of health time validation option Date created must be after (UTC).
To configure a Configuration Manager NAP policy for a zero-day exploit
Configure your Configuration Manager NAP policy with an effective date of As soon as possible.
In the System Health Validator Point Component Properties, on the General tab, enable the option Date created must be after (UTC) and specify the date and time that you created the Configuration Manager NAP policy.
TasksHow to Create a Configuration Manager NAP Policy for Network Access Protection
How to Set the Effective Date and Time to Begin NAP Evaluation for Network Access Protection
How to Specify the Option 'Date created must be after' for the Statement of Health
ConceptsAbout the NAP Effective Date in Network Access Protection
About Phased and Expedited Network Access Protection Deployments
About System Health Validator Points in Network Access Protection