NAP Remediation

  • Question

  • Hi All,

    I'm setting up a NAP IPsec enforcement.

    I can see that it's already working, the auto-remediation is working.

    But my problem here is that when I try to apply the Anti Virus on SHV, it detects my test unit which doesn't have an Anti Virus, but it still connects to the Network.

    Correct me if I'm wrong, but my understanding of this is that if the computer is non-compliant, it will have restricted access, like it can't access the network, the internet, etc. Is that right? And if yes, what do you think I'm missing in my setup to restrict those non-compliant computers?

    I'm very new to this, please help me.

    Thank you!

    Friday, May 13, 2016 7:13 AM

Answers

  • Hi spideynok,

    Things that can be auto-remediated by the Windows System Health Agent (WSHA), which integrates directly with the Windows Security Center: 
    1. Firewall ON 
    2. Windows Defender ON (Vista only, no XP support for Defender) 
    3. Automatic Updating ON 
    4. Automatic Updating patch level up-to-date
    We cannot currently auto-remediate any anti-virus applications unless they integrate with NAP on the client computer. If the vendor integrates with NAP, this is where NAP functionality can be enriched to let you now set policies on the server for that particular vendor's software.

    ________________________________________
    Best Regards,
    Cartman

    • Marked as answer by spideynok Tuesday, May 17, 2016 3:24 AM
    Monday, May 16, 2016 3:12 AM

All replies

  • Hi Cartman,

    Thank you for that idea, really appreciate it.

    Additional question: when I set up the Remediation Server, I'm a bit confused about this. For example, my unit has an IP of 10.10.1.10 which has access to everything on our Network, then it fails to meet the requirements such as having AV; it will go to the Remediation Server, right? The question is, will my IP 10.10.1.10 change to something that will not have access to the Network?

    Or how will the process work, and how will the unit connect to the remediation server?

    Thank you.

    Tuesday, May 17, 2016 3:24 AM