Windows Server TechCenter >
Windows Server Forums
>
Network Access Protection
>
NAP and Windows 7 Client
NAP and Windows 7 Client
- <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:1; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman";} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} -->
I have clients running MS XP and Vista and with NAP with results as I expect.
When I try a Windows 7 client I have issues.
I issue the napstat command and it says the SHA is not present.
When I issue the netsh NAP client show state command under ID = 79744 SHA
Is says initialized = no
I am using EAP quarantine enforcement client and it is initialized.
I am totally new to NAP and Microsoft for that matter so I need much remediation.
Are there some specifics for Windows 7?
Answers
- RamaSubbu,
This has never worked for Windows 7 only Windows XP and Vista. We did no security customizations.
When we looked at our PC and the first two items we already set as you show but the last one, wscsvc was different.
What is this command changing?
thanks for your help- Marked As Answer bycarmeister Tuesday, November 03, 2009 9:05 PM
All Replies
- Hi,
Can you try executing the following command from the Elevated Command Prompt on Windows 7 and then restart your computer ? Was it working before ? Can you tell us what are the softwares/applications you have installed ? Also, did you make any security customizations,..etc?
sc sdset napagent D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCLCSWRPWPDTLOCRRC;;;NS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
sc sdset wuauserv D:(A;;CCLCSWRPLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)
sc sdset wscsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
If the above commands solves the issue, then this is same issue we are looking for root cause.
Thanks
-RamaSubbu SK
Sorry! Microsoft doesn't own any liability & responsibility for any of my posting. - RamaSubbu,
This has never worked for Windows 7 only Windows XP and Vista. We did no security customizations.
When we looked at our PC and the first two items we already set as you show but the last one, wscsvc was different.
What is this command changing?
thanks for your help- Marked As Answer bycarmeister Tuesday, November 03, 2009 9:05 PM
Hi Carmeister,
Some task is changing the ACLs for these Services, we don't know how/who is changing this. Do you have any antivirus or security related product installed ? With the SC command we are changing back to default ACLs.
Is your machine is joined to a domain ?
Thanks
-RamaSubbu SK
Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.- Antivirus is Forefront and the machine is joined to the domain.
What is the command I can use to look at it on another machine?
Thanks, What you want to look on another machine ?
Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
