The Configuration Manager 2007 System Health Validator point periodically retrieves Network Access Protection (NAP) health state references from Active Directory Domain Services so that it can validate a statement of health from Configuration Manager NAP-capable clients.
If you do not specify a health state reference querying account, the computer account of the System Health Validator is used, which is appropriate if the System Health Validator point resides in the same Active Directory forest as the health state reference location, or if you are using a designated Active Directory forest and a trust exists between the domains that contain the System Health Validator points and the domain that contains the health state references.
However, if there is no trust relationship between the domains that contain the System Health Validator points and the domain that contains the health state references, you must specify a Microsoft Windows user account for the health state reference querying account.
|The Active Directory forest that will contain the health state reference must be extended with the Configuration Manager 2007 schema extensions, have a System Management container, and Configuration Manager 2007 must be configured to publish to Active Directory Domain Services. For information about how to extend the Configuration Manager 2007 schema and publish to Active Directory, see How to Extend the Active Directory Schema for Configuration Manager.|
To specify the health state reference querying account:
In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site code> – <site name> / Site Settings / Component Configuration, right-click System Health Validator Point Component, and then click Properties.
On the Health State Reference tab, under the section Active Directory forest settings, click the Set button next to the Health state reference querying account.
In the Windows User Account dialog box, specify the account to use, type in the password and password verification, and then click OK.
Click OK to close the System Health Validator Component Properties dialog box.
|For more information about the options in this dialog box, see System Health Validator Point Component Properties: Health State Reference Tab.|
TasksHow to Specify the Health State Reference Publishing Account
How to Specify the Location of the NAP Health State Reference
ConceptsAbout Network Access Protection and Multiple Active Directory Forests
About NAP Health State References in Network Access Protection
Network Access Protection Accounts
About System Health Validator Points in Network Access Protection