Michael Kleef ::: MSFT

http://twitter.com/mkleef

SCCM 2007 RC1 and NAP integration first thoughts

SCCM 2007 RC1 and NAP integration first thoughts

  • Comments 2
  • Likes

So if you saw my last post on SCCM 2007's install you'll get the idea that I'm still somewhat unimpressed with the initial setup of the product. I think its still a little messy and requires knowledge outside of the prerequisite checker. Hopefully that improves as we move into RTM!  That said overall I am impressed with the changes in this version.

Despite the daunting and somewhat confusing user interface - one of the things I still do like about it is that its heavily componentised and you can see exactly what's going on but with this level of componentisation there's also stuff to be aware of.

 Component

With every component you install there's a separate set of prerequisites - hence why the prerequisite checker will not be able to determine your exact requirements and deliver you a list of things you need to do first. That stuff is currently in the help files. Take for example Network Access Protection which Phil Duff and myself will be showing at TechEd Australia. There's two new modules around Network Access Protection and Software Updates. Both have their prerequisites. To implement NAP you must have a Windows Server 2008 installation running a Network Policy Server (NPS). If you didn't know already, NPS is the new IAS! From the SCCM 2007 console you can install the role components for NAP on that NPS server which slots in the SHV for policy checking. Of course once you install the SMS agent on the client you essentially also add the SHA components for the statement of health.

 softwareupdates

Of course in order for NAP to have something to check policy compliance on you need to have the Software Updates role running. Again this is another role with a requirement. To install this you must either point it at a WSUS 3.0 server or have WSUS 3.0 installed on the Site Server itself. Be aware that once you've done this it seems to take ages to fully download the packages and parse them into SCCM. And like anything with SCCM you have to let it run its course...

 

So with that a final note. SCCM 2007 is like its predecessor. It takes time for things to complete in its configuration. Don't rush the component installations or think you've done something wrong. Unless you are seeing really bad stuff or config prerequisite issues in the logs that you haven't done then in doubt wait. Wait overnight if you have to but just leave it. It will likely right itself in the end.

Technorati Tags: , ,
Comments
  • Hi Michael - met you in this afternoon's "Building Platform Remediation with NAP & SCCM2007" - i had the question about SCCM WakeUp.  Our environment moves machines powered off into a different vlan, consequently they get a different ip address there, til they're booted up and authenticated again (we have cisco switches and we're using 802.1x).  I have SMSWakeUp and am working on a workaround, but if that works, it will simply have an agent wake up the whole subnet.  Look forward to your answer :-)

    thanks Jan

  • I had a good question from Jan yesterday after my TechEd session. She posted a comment to my article

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment