Hi Jason:
Thanks for the response. You’re right that deprecated doesn’t
mean supported, but I’m also sure I want to start out and implement a newly
deprecated solution. Any ideas why MS is choosing to deprecate NAP? I really
don’t think there’s anything in Config Manager that’s equivalent to the idea of
NAP in that we’re looking for the whole “You’re quarenteened until we know for
sure you’re up to date” thing. And our concern is machines coming onto the
network that may not have an up-to-date SCCM client installed, while we have
procedures in place to get the client updated, we don’t want the machine on the
network able to talk to others until that machine is healthy.
Ryan
From: [email protected] [mailto:[email protected]] On
Behalf Of Jason Sandys
Sent: Thursday, January 16, 2014 9:33 AM
To: [email protected]
Subject: [mssms] RE: NAP
The NAP feature set in ConfigMgr (2007 and 2012) is a “plug-in” (SHV and SHA)
for Windows Server NAP and requires Windows Server NAP.
The article doesn’t say that ConfigMgr has NAP or use ConfigMgr NAP instead
(because there’s no such thing), it says to use (other) native ConfigMgr
functionality to fulfill the requirements of a NAP solution.
Do those feature sets truly fulfill your requirements? Only you can answer that.
Note also though that deprecated doesn’t mean not supported or not working,
just that they won’t be doing anything with it in the future.
J
From: [email protected] [mailto:[email protected]] On
Behalf Of Ryan Shugart
Sent: Wednesday, January 15, 2014 1:04 PM
To: [email protected]
Subject: [mssms] NAP
Hi:
We’re looking at implementing NAP here, and I’ve been looking into the
various options. According to this link:
http://technet.microsoft.com/en-us/library/hh831683.aspx
NAP in Windows Server 2012R2 is deprecated, and it is suggested to use SCCM
2012R2 as a NAP replacement. I know SCCM 2007 had NAP, but I’m not seeing
where NAP controls are in 2012R2, I’d just like to confirm that 2012R2 supports
NAP? I know you can do NAPlike checks using configuration baselines, but we’re
also looking for the whole quarenteen the machine if it doesn’t meet the
baselines or doesn’t have an active client installed. I’m not sure you can go
that far with SCCM, can someone correct me if I’m wrong? Basically we’re
looking for a way to prevent situations like someone turning on a machine
that’s not been on in six months, letting it get onto the network with out of
date patches or virus definitions and then get infected.
Thanks.
Ryan
Ryan Shugart
LAN Administrator
MiTek USA, MiTek Denver
314-851-7414
© COPYRIGHT, MITEK HOLDINGS, INC., 2011-2013, ALL RIGHTS RESERVED
________________________________
This communication (including any attachments) contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s), please note
that any distribution, copying, or use of this communication or the information
in it is strictly prohibited. If you have received this communication in error,
please notify the sender immediately and then destroy any copies of it.
© COPYRIGHT, MITEK HOLDINGS, INC., 2011-2013, ALL RIGHTS RESERVED
________________________________
This communication (including any attachments) contains information which is
confidential and may also be privileged. It is for the exclusive use of the
intended recipient(s). If you are not the intended recipient(s), please note
that any distribution, copying, or use of this communication or the information
in it is strictly prohibited. If you have received this communication in error,
please notify the sender immediately and then destroy any copies of it.
