A zero-day exploit usually means administrators must ensure clients have a critical software update installed as soon as possible, rather than incorporating this update into the standard administrative routine of updating computers.

In this scenario, Network Access Protection (NAP) in Configuration Manager 2007 can be configured so that selected software updates are enforced in an expedited manner, even if this results in restricted network access. This configuration involves setting the effective date to As soon as possible and also configuring the statement of health time validation option Date created must be after (UTC).

To configure a Configuration Manager NAP policy for a zero-day exploit

  1. Configure your Configuration Manager NAP policy with an effective date of As soon as possible.

  2. In the System Health Validator Point Component Properties, on the General tab, enable the option Date created must be after (UTC) and specify the date and time that you created the Configuration Manager NAP policy.

See Also