You might need additional distribution points hosting software update packages when you implement Network Access Protection (NAP) in Configuration Manager 2007. Unlike software update deployments that are targeted to specific collections, NAP policies in Configuration Manager are automatically targeted to all computers that are assigned to the site, and to all computers that are assigned to sites lower in the Configuration Manager hierarchy. If you are using the default collection All Systems, this will display all the computers that will be targeted with Configuration Manager NAP policies and will be received by all computers if they are capable of supporting Network Access Protection.

In a Configuration Manager 2007 hierarchical deployment, this automatic targeting of NAP policies can result in a significant increase in network traffic and processing on distribution points when remediation is invoked.

Decide if you need additional distribution points to host software updates configured for Network Access Protection, and ensure that content is locally available to clients for faster remediation. Also, consider the time required in your environment for the package replication when configuring a Configuration Manager NAP policy with the effective date. If content is not locally available and many clients request it at the same time, clients might take a long while to complete remediation or even time out while remediating.

If you are using branch distribution points to host software updates for Configuration Manager NAP policies, do not enable the option Make this package available on protected distribution points only when requested by clients inside the protected boundary on the Distribution Settings tab for a package's properties. If you set this option, the remediation process might time out if the content has not already been requested from a standard distribution point.

See Also