Prerequisites for Network Access Protection
Applies to: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Network Access Protection (NAP) in Configuration Manager 2007 has external dependencies as well as dependencies within the product.
Dependencies External to Configuration Manager 2007
Dependency | More Information |
---|---|
Network Access Protection (NAP) enforcement technology installed and configured appropriately for one or more of the following: DHCP, IPsec, VPN, or 802.1X. Note: All Windows NAP enforcement solutions require Windows Server 2008. | Documentation published on the Network Access Protection Web site (https://go.microsoft.com/fwlink/?LinkId=59125) |
One or more Network Policy Servers configured appropriately with remediation server groups, health policies, connection request policies, and network policies. | Configuring the Network Policy Server for Configuration Manager |
NAP-capable clients (such as Windows Vista, Windows Server 2008, or computers running Windows XP Service Pack 3). | |
Perimeter devices are configured to allow traffic between communicating servers. | Determine the Ports Required by Firewalls to Support Network Access Protection |
Configuration Manager 2007 Dependencies
Dependency | More Information |
---|---|
The site must be running Configuration Manager 2007 and be enabled for Network Access Protection. | To enable the site for Network Access Protection, you must enable the Network Access Protection client agent. This client agent is not enabled by default. For more information, see How to Enable the Network Access Protection Client Agent. Note: You do not need to enable the software updates client agent to support Network Access Protection in Configuration Manager 2007. |
Clients must be Configuration Manager 2007. | Clients running Systems Management Server (SMS) 2003 are not supported. |
An Active Directory forest has the schema extended with the Configuration Manager schema extensions, and it is provisioned with a System Management container in at least one domain. | The site server publishes Configuration Manager NAP health state references to Active Directory Domain Services, and these are retrieved by the System Health Validator point. Publishing to Active Directory Domain Services requires that the schema is extended, but you can elect which forest to use. For more information, see About Network Access Protection and Multiple Active Directory Forests. |
The Configuration Manager sites enabled for Network Access Protection are configured to publish site information to Active Directory Domain Services. | How to Publish Configuration Manager Site Information to Active Directory Domain Services |
At least one System Health Validator point is installed on Windows Server 2008 that has the server role of Network Policy Server. | Note: Although the System Health Validator can be installed in a different Active Directory forest than the site server's forest, it must be installed in a domain and is not supported in a workgroup. |
The software updates feature is configured and has software update deployment packages. | Although the software updates client agent does not need to be enabled on the site, you must have in place the software updates infrastructure, such as a software update point and software update deployment packages hosted on distribution points. For more information, see the following topics: |
Reporting Point Site System | The reporting point site system role must be installed before Network Access Protection reports can be displayed. For more information about creating a reporting point, see How to Create a Reporting Point. |
See Also
Concepts
About Software Update Deployment Packages
About Enabling and Disabling Network Access Protection
About the NAP Client Status in Network Access Protection
About Configuration Manager NAP Policies in Network Access Protection
About System Health Validator Points in Network Access Protection
Other Resources
Configuring the Network Policy Server for Configuration Manager
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.