Share via


System Health Validators

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

When a NAP client computer is connected to the network, it is monitored to ensure it is current with health requirements. A Network Access Protection (NAP) client computer is able to monitor health status continuously by using software called system health agents (SHAs). Health requirements are defined on NAP servers using corresponding software called system health validators (SHVs). Many different types of SHA and SHVs are available.

Windows Security Health Validator

The Windows Security Health Validator (WSHV) is included with Windows Server 2008 and Windows Server 2008 R2. The WSHV evaluates the operational status of the following components on NAP client computers:

  • Firewall: If this requirement is enabled, the client computer must have a firewall that is registered with Windows Security Center and enabled for all network connections.

  • Virus Protection: If this requirement is enabled, the client computer must have an antivirus application installed, registered with Windows Security Center, and turned on. The client computer can also be checked to ensure that the antivirus signature file is up-to-date.

  • Spyware Protection: If this requirement is enabled, the client computer must have an antispyware application installed, registered with Windows Security Center, and turned on. The client computer can also be checked to ensure that the antispyware signature file is up-to-date. Spyware protection applies only to NAP clients running Windows Vista or Windows 7.

  • Automatic Updating: If this requirement is enabled, the client computer must be configured to check for updates from Windows Update. You can choose whether to download and install them.

  • Security Update Protection: If this requirement is enabled, the client computer must have security updates installed based on one of four possible values that match security severity ratings from the Microsoft Security Response Center (MSRC). The client must also check for these updates during a specified time interval. You can use Windows Server Update Services (WSUS), Windows Update, or both to obtain security updates.

Additional references