UEU-co logo


Previous Page Next Page

Configuring the Windows Security Health Validator

As already mentioned, the Network Policy Server provides (by default) the Windows Security Health Validator. This health validator is designed to check the health of network clients running Windows Vista and Windows XP (Service Pack 3). On these network client operating systems, the counterpart to the Windows Security Health Validator or WSHV (which contains the validation rules) is the Windows Security Health Agent (WSHA). The WSHA is used by the WSHV as a sort of declaration of health by the client operating system, and the Network Policy server can compare the WSHV to the WSHA to make sure that the computer is compliant with the configured network policies.

When the client computer is not compliant, you want the problem fixed. This is where remediation comes in. You can configure remediation server groups, which are the servers that contain the update files or other software that the client computer needs to access to become compliant with the Network Policy Server’s WSHV.

To configure the WSHV in the Network Policy Server snap-in, follow these steps:

1. Open the Network Policy Server snap-in in either the Server Manager (expand the Roles, Network Policy and Access Services and NPS nodes) or the MMC (Start, Administrative Tools, Network Policy Server).

2. In the snap-in, select the Network Access Protection node in the node tree (see Figure 11.18).

Figure 11.18. Open the Network Policy Server snap-in.

[View full size image]

3. In the Details pane, click the Configure System Health Validators link. The Windows Security Health Validator (WSHV) is listed in the Details pane.

4. To open the WSHV and configure it, double-click Windows Security Health Validator. The Windows Security Health Validator Properties dialog box opens.

To configure the WSHV, click the Configure button. The Windows Security Health Validator dialog box opens (see Figure 11.19).

Figure 11.19. The WSHV dialog box.

[View full size image]

5. The WSHV dialog box has two tabs: one for Windows Vista and one for Windows XP. The two tabs are identical except the Windows XP tab does not require that spyware protection be installed on Windows XP clients. Let’s walk through the settings on the Windows Vista tab:

By the Way

The Windows Server Update Service is a service that is provided by Microsoft and can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyId=F87B4C5E-4161-48AF-9FF8A96993C688DF&displaylang=en#Overview. This service can be used along with the Windows Update Agent (on client computers) to make sure that the client OS has all available security updates installed.

Select (or deselect) the configuration parameters for the WSHV as needed (on both the Vista and XP tabs if you have a mixed client-base on the network).

6. Click OK to return to the Windows Security Health Validator Properties dialog box, and then click OK to close the Properties dialog box.

Now that the WSHV has been configured, you still need to add remediation servers to the Network Policy Server and also enable the Network Access Protection Service on your network clients. Let’s look at adding a remediation server and then enabling network access protection on network clients.

Previous Page Next Page

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.


apply_now Pepperstone Group Limited