Install a System Health Validator point in the Configuration Manager 2007 site if all of the following conditions apply:
- Configuration Manager can publish to Active
Directory Domain Service.
- You want to enforce compliance of software
updates using Network Access Protection (NAP) for one or more sites
in your Configuration Manager hierarchy.
- The Windows infrastructure is in place for
NAP, including Network Policy Servers on Windows
- One or more sites in the Configuration
Manager 2007 hierarchy will be enabled for NAP, and in this site
some Configuration Manager clients support NAP.
- A computer is running Windows Server 2008 and
is configured as a Network Policy Server in the Configuration
If you are using NAP with Configuration Manager, you do not necessarily need a System Health Validator point in each Configuration Manager site. You will need to coordinate with the administrators for Network Policy Servers in deciding the number and location of System Health Validator points in the Configuration Manager hierarchy.
Generally, you will need to install a System Health Validator point on all servers running Network Policy Server and that are configured with policies for NAP. If all these servers are in a single Configuration Manager site, it will be easier to configure them because all System Health Validator points in a single Configuration Manager site share the same configuration. If possible, install them in the highest primary site or in your central site, where you create your Configuration Manager NAP policies. However, if you need different configurations for your System Health Validator points, you must install them in different sites.
|Configuration Manager does not assign clients to System Health Validator points; this process is handled by the Windows NAP infrastructure.|