NPS/NAP Apply a specific GPO to non compliant computers

  • Question

  • Hi,

    I'm a beginner in NPS/NAP and I would like to know if it's possible.

    Situation:

    • I don't use Microsoft DHCP server (we use a specific DHCP appliance)
    • a lot of Windows XP SP3 clients with an anti virus
    • Active Directory
    • I have Windows Server 2008 R2

    I want to check computer compliance (if anti virus signatures are up to date -> OK, else apply a policy).

    In my research I found that it's impossible to do DHCP enforcement without Microsoft DHCP server.

    So I would like to know if it's possible to apply a GPO (for example launch a script, block anything) to non compliant computers without Enforcement mode.

    So to summarize, is it possible to apply a GPO without enforcement?

    Thanks,

    Guillaume

    Tuesday, February 21, 2012 9:50 AM

Answers

  • Hi Guillaume,

    Thanks for posting here.

    > So I would like to know if it's possible to apply a GPO (for example launch a script, block anything) to non compliant computers without Enforcement mode.

    Based on my knowledge, NAP can't force a client to apply a GPO when it has been marked as a noncompliant host. However, we can set a troubleshooting URL in policy so that we can store the programs that are going to be applied and instruct users to access and execute them manually.

    Configure a Troubleshooting URL
    http://technet.microsoft.com/en-us/library/dd314200(WS.10).aspx

    I think this setting can be implemented in a no enforcement design, but please test it in a lab first.

    Thanks.

    Tiger Li

    TechNet Community Support

    • Marked as answer by Gui Koto Wednesday, February 22, 2012 7:52 AM
    Wednesday, February 22, 2012 6:14 AM

All replies

  • Thanks for your answer

    I think it's difficult for me to use NPS in my environment and for what I want to do (check that anti virus signatures are up to date)

    Wednesday, February 22, 2012 8:00 AM