SCCM: 100% Microsoft Updates compliance

  • Article

SCCM 2007 has a feature of Network Access Protection. In a non-complex environment, SCCM can be integrated with NPS and DHCP to ensure 100% patch compliance in the network. 

  • NPS server is configured to select DHCP as its connection method
  • DHCP server is configured for Network access protection class, by configuring options 003,006 and 015
  • A new site role is added to SCCM. This new role will be the NPS server. SCCM install its component in NPS, to ensure authentication via SCCM NAP.
  • Clients are enabled for DHCP-NPS authentication by enabling this GP: Enforcement Clients
  •  
    Component Setting
    DHCP Quarantine Enforcement Client Enabled
    Remote access enforcement client for Windows XP and Windows Vista Disabled
    IPsec Relying Party Disabled
    Wireless EAPOL enforcement client for Windows XP Disabled
    RD Gateway Quarantine Enforcement Client Disabled
    EAP Quarantine Enforcement Client Disabled

SCCM References : http://technet.microsoft.com/en-us/library/bb694190.aspx

NAP- DHCP : http://www.microsoft.com/en-us/download/details.aspx?id=2409