Compliant computer or Non compliant computer in NAP

Hello,
I have Setup NAP, and my client able to Access Network.
But i have setup Network Policy and Health policy as well.
as they setup , without turned on Firewall , user will not able go Access our Network.
but our user still call access our network.
i want to know, ethier my Client computer are compliant computer or Non compliant.
how do i know.
please advice. Thank you
www.aniyanetworks.net

Hello Greg,
Thanks for your Reply,
Yes, i have 3 category's of Policies under NPS Policies.
in Connection Request Policies >NAP Wireless Connection Policies
in Network Policies we have > NAP Wireless Connection (Compliant)
NAP Wireless Connection (nonCompliant)
and in Health Policies we have NAP Secure Wireless (Compliant)
and NAP Secure Wireless (nonCompliant)
and WSHV- Default Configuration
all of them are set correctly, i guess.
but still my client can access , but network should reject connect. bcoz of Firewall is turned off.
and when i tried to follow your command i got this message, but my client NAPA service was running. 
 C:\Windows\system32>netsh nap client show state
The "Network Access Protection Agent" service is not running.
and when i ran this command "napstat"
nothing comes up. 
do i need to configure anything in SCCM 2012? please advice.
Thank you
www.aniyanetworks.net

Similar Messages

  • SHA keep reporting client non-compliant

    I checked the NAP logs on client PC (Applications and Services Logs\Microsoft\Windows\Network Access Protection\Operational) found that the client's SHA keep reporting "non-compliant" even it's in production zone. (Using 802.1x Enforcement NAP
    with PEAP-TLS.) 
    Anyone has idea? Is this the correct behavior? THANKS!!!
    ======================================
    Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
    Source: Microsoft-Windows-NetworkAccessProtection
    Date: 3/31/2014 3:46:08 PM
    Event ID: 29
    Task Category: None
    Level: Information
    Keywords:
    User: NETWORK SERVICE
    Computer: xxx.com
    Description:
    A Statement of Health Response with correlation ID {87323ABC-xxxxx-4474-96F7-xxxxxxx} - 2014-03-31 07:46:07.496Z was received from the enforcement client 79623.
    The current client state is Full Access.
    The following SHAs report this client non-compliant:
    The following error categories were encountered: FailureCategory None, FailureCategory None,
     The probation expiration time is: 25184-1009-00T-02:-01:-01.955161500Z
    The help URL is:
    The duration of health check was 1186 ms.
    ======================================

    Hi,
    Thanks for your question.
    Based on my experience, the event ID 29 is a normal condition and no further action is required. For more detailed information, please refer to the link below:
    Event ID 29 — NAP Agent Communication with the Enforcement Client
    Best regards,
    Susie

  • What is "Remediate non Compliant Rule when supported" and how to use it ?

    Hi, 
    now i have created around 10 baselines for the driver compliance check for different make and model of laptops and desktops, the os platform on the computer will be Win 7 X 64 computers 
    CI's working fine and iam curious to learn what is the  ( Remediate non Compliant Rule when supported ) option actually ment for , what all we can use it for ?
    and i need a example with complete steps too please
    all i can understand from the word Remediate is that it will either run a query or initiate a process such as install the correct version of driver etc , please correct me if iam wrong
    Thank you
    OSLM ENGINEER - SCCM 2007 & 2012

    When creating a CI you can also configure a remediation script, that script will be used to remediate a non-compliant system. Also, some simple things like change the value of an existing registry key from 0 to 1 are supported out-of-the-box for compliance
    and remediation.
    An example:
    http://www.petervanderwoude.nl/post/allow-direct-installation-of-windows-8-apps-via-compliance-settings-in-configmgr-2012/
    Another example:
    http://www.petervanderwoude.nl/post/go-to-desktop-on-sign-in-on-windows-8-1-via-compliance-settings-in-configmgr-2012/
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Updates in progress - status non-compliant

    I deployed my latest software updates (Patch Tuesday) a few days ago to my XP client collection (yes - I know it's going away soon :)) and I see that looking at the Deployment Status they are reading as
    In progress but status set to non-compliant.
    Strangely I had pushed the same deployment to my test collection a week previously and they had installed normally.
    I had a look at various logs and everything seems to have no discernible errors but looking at a sample of the computers in question shows that the updates have NOT installed.
    Opening the 'more details' pane for each computer shows that the software updates are set to a status of
    required.
    Confused as to where to look now to troubleshoot.
    My software update deployment to my Windows 7 collection is successful. No errors in the deployment status window.
    Any help or pointers are appreciated.
    Thanks,
    John

    Hi,
    If these update logs have no discernible errors, you could enable verbose logging to help you find more information.
    Please check the logs in the following KB to find why were these updates not installed.
    (http://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_SU_NAPLog)
    Best Regards,
    Joyce Li
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • ISE 1.2 - Posture Detail Assessment - enforcement audit mode report not show status for non-compliant

    ISE 1.2 - Posture Detail Assessment - enforcement audit mode report not show status for non-compliant.
    - For old version 1.1.4 it can be reported for non-compliant, How can I generate report for this? 
    Thanks
    Kosin Usuwanthim

    It used to be in there (id 226635 is the last one with it); should I clean it up a bit and put it back with a bit more of a disclaimer?

  • Can I upload pics from iPod touch to non apple computer

    Can i upload pics from iPod touch to non apple computer - it is a dell computer

    Yes. You do no even need iTunes. See:
    iOS: Importing personal photos and videos from iOS devices to your computer

  • I have logged in to my itunes account on a different computer and none of my purchased music is showing up. I also have plugged my iphone in to get updates but it says I will lose all media and apps if I don't update on the computer where  I sync everythi

    I have logged in to my itunes account on a different computer and none of my purchased music is showing up. I also have plugged my iphone in to get updates but it says I will lose all media and apps if I don't update on the computer where  I sync everything. I have authorized this new computer so I don't know what the problem is. I can't get on my old computer with my itunes account because the computer is broken. Not sure what to do

    "I have logged in to my itunes account on a different computer and none of my purchased music is showing up."
    Correct.  it does not magially appear in other places.  It will only be where you put it.
    "I also have plugged my iphone in to get updates but it says I will lose all media and apps if I don't update on the computer where  I sync everything. "
    Correct as well.  Iphone will sync with one computer at a time.  Syncing to another will erase the current content.
    You need to copy everything ( itunes library/contacts/pics/calendars/files/docs) from the old computer, or your backup copy of the old one, to the new one.

  • Just got a new mac computer and none of the music from my old computer's itunes transfered when I transfered the contents of the hard drive.  Now I'm trying to transfer music from my ipod and can't get all the files....help?

    Just got a new  computer and none of the music from my old computer's itunes transfered when I transfered the contents of the old hard drive.  Now I'm trying to transfer music from my ipod and can't get all the files....help please?

    The iphone is not a storage/backup device.
    It has always been very basic to always maintain a backup copy of your computer for this very occasion.
    Have you failed to do this?
    If so, not good, then you can transfer itunes purchases:  File>Devices>Transfer Purchases
    You may be able to purchase a third partyn program to get the rest ( not supported by Apple)

  • How can I get report of only non compliant clients via Fileshare or to admin mailbox each day?

    I need to figure out how to get a daily report of non compliant clients in SCCM2012 to admin email or fileshare.
    Is there any built-in report that returns only non compliant clients I could use to accomplish this,
    and create alert subscription or exchange server connector to receive the message / file once a day ?
    Do I need to use SQL Server Reporting Services for this ? New to SCCM and getting confused with all those reports,
    sorry ;-)

    Yes you need SSRS for this.
    This will help.
    http://be.enhansoft.com/post/2013/08/27/How-to-Set-up-a-Windows-File-Share-Subscription.aspx
    http://be.enhansoft.com/post/2013/08/14/How-to-Set-up-an-Email-Subscription-in-SSRS.aspx
    Non compliant for what?
    http://www.enhansoft.com/

  • How could I get the setup files to install Adobe Media Encoder in a non connected computer?

    HI,
    I'd like to try Adobe Media Encoder in a non connected computer.
    But I don't find the way to get the trial setup files.
    Thanks in adavance for your time.
    Mike

    AME is tied to other apps. There is no separate installer.
    Mylenium

  • Slideshow - save to macbook pro to DVD to play on non-Apple computer and DVD (TV)

    I have tried to save a slideshow (with music) made in iPhoto to MacBookPro to then save to a DVD to play on Non-Apple computer AND to play on TV (DVD).  It acts like it is saving but then .mov won't play even on MY Macbookpro.  What am I doing WRONG?

    This is supposed to happen, licensing issue mean that Apple can't AirPlay protected content to other devices. You might try VLC instead of Apples built in DVD player.

  • PS CS5 workaround to non compliant Shader3.x/OpenGL 2.0 video cards

    Stumbled upon a possible workaround for those who want to use some of the latest CS5 PhotoShop enhancements such as 3D effects and Repoussee which is worth sharing.  Background.... home workstation is a i7-920 Windows 7 Ultimate 64-bit o/s with modest NVidia GTS250 which is fully hardware compliant Shader 3.x and OpenGL 2.0 however my company issued laptop used for traveling demo's is a standard Dell Latitude D620 with non compliant Intel GPU which was unable to create simple 3D effects with any invoked PhotoShop graphic.  Each of the 3D effects from the PhotoShop CS5 pull downs were grayed out and verified as a non compliant via Edit --> Preferences -->Performance on the Dell D620.  Finally had time to create a simple "down and dirty" 3D graphic using either the predefined hat or can 3D effect composed on the i7-920 Windows 7 Ultimate 64-bit o/s then saved as a file type PSD to a flash drive.
    Open the same created file on my Dell D620, got a warning message the built in GPU on the Dell D620 was non compliant hardware hence rendering would be via software (versus video hardware).  The 3D can opened on the Dell but more importantly I was able to successfully perform edits.  Long story short you might be able to circumvent non compliant video card issues by opening a saved 3D PSD file which will render/edit on non-compliant GPU's.  BTW, my D620 is 32-bit Windows XP Professional SP3.  If others can try my premise and feed back to this forum it would prove beneficial to all the members in this forum.  Can anyone validate this on say laptops other than a Dell D620 and Dell E6410?  I suspect once you call in a 3D PSD file composed on a non-compliant platform, it toggles a PhotoShop "on" bit to enable 3D software rendering.   Talk about being stoked on this exercise

    Forgot to mention you still have to have CS5 installed on your non-compliant laptop.  Wouldn't it be funny if this is a PS bug requiring a toggled bit to be set in order to render in 3D?

  • Non-domain computer cannot connect to server

    I have a unique issue. 
    I have a Windows 2008 server running Exchange 2010 (all roles on single server )
    I have a Windows 7 Pro client that is not a member of the domain.
    When setting up Outlook 2010 I enter user's name, email address and password.  The system starts configuring, it successfully searches for [email protected] settings.  It then prompts for credentials.  I cannot get it to take them.
    However, If I user the domain admin account I can successfully setup the domain admin email in Outlook.  I just cannot do it with a standard user.
    Also, I noticed that this non-domain computer can access domain member server if I provide credentials (domain\username). This does not work with this or any of my other Windows 2008 servers.
    I have been fighting this with no relief in sight...
    Thanks
    Wayne 

    Let me be clear about my symptoms.
    Exchange with domain joined computers autodiscover/Outlookworks fine....
    DC's and exchange server all have same time/date otherwise nobody would be able to authenticate.
    The problem only exists with non-domain computers (both within the network and outside of the network)
    The autodiscover tests fine with exchange connectivity tester.  I cannot test outlook as I have a certificate from an untrusted root that is installed manually on the non-domain computers.
    The non-domain computers can connect to windows 2003 member server (with appropriate domain credentials) but not to this 2008 (or the other 2 2008 member servers)
    Update-  If I configure the domain administrator account on that same non-domain connected machine, it retrieves the domain admin email just fine.....

  • Non-domain computer request certificate

    We have Enterprise CA with Certificate Enrollment Policy Web Service and Certificate Enrollment Web Service on same domain computer. 
    When I configure Enrollment policy on non-domain computers by adding exist Certificate Enrollment Policy Server: 
    mmc->Certificates(local computer)->Personal-Manage Enrollment Policy, all looks fine. But when I do request
    New Certificate -> Select Certificate Enrollment Policy appears window with empty list and message:
    Certificate types are not available.You cannot request a certificate at this time because no certificate types are available. From domain computers all works fine, I can choose templates from the list and can do command:
       certutil -config "DomainComp\CAname" -ping. 
    from non-domain computers I can't do certutil -ping:
    ...Connecting to DomainComp\CAname ...
    Server could not be reached: The RPC server is unavailable. 0x800706ba

    I'm used select username/password authentication when installed CES/CEP roles. If I want to use authentication with
    certificates, I must to make request and enroll it on CA. This is a problem for non-domain computer. By the way, using method:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/098f858a-3e89-48d2-828e-274487033f6b/how-to-request-certificate-from-a-nondomain-computer?forum=winserversecurity
    I can manually make request file, issue it on Enterprise CA and export certificate file, when import certificate.
    This method
    http://blogs.technet.com/b/askds/archive/2010/05/25/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates.aspx not work because appears empty list of enrolment templates.

  • NON-COMPLIANT: ..oraInst.loc doesn't point to inventory inside ORACLE_HOME

    Hello Gurus:
    I have just migrated and upgraded EBS 11i to 12.1.1 and now having trouble with the oraInventory setup.
    I have the three $ORACLE_HOMEs for 11.2.0 rdbms, 10.1.2 & 10.1.3 for the apps.
    cat /etc/oraInst.loc
    inventory_loc=/etc/oraInventory
    inst_group=oinstall
    RDBMS:
    cat /u01/app/oracle/product/11.2.0/db_1/oraInst.loc
    inventory_loc=/etc/oraInventory
    inst_group=oinstall
    10.1.2 :
    cat /u02/applfind/apps/tech_st/10.1.2/oraInst.loc
    inventory_loc=/etc/oraInventory
    inst_group=oinstall
    10.1.3 :
    cat /u02/applfind/apps/tech_st/10.1.3/oraInst.loc
    inventory_loc=/etc/oraInventory
    inst_group=oinstall
    First there is no ouicli.pl in RDBMS home so I use ./runInstaller -silent -attachHome to add it to the inventory
    For 10.1.2 & 10.1.3 Homes, when I use ouicli.pl it give me errors:
    cd $ORACLE_HOME/appsutil/clone
    ./ouicli.pl
    Out put:
    NON-COMPLIANT: /u02/applfind/apps/tech_st/10.1.2/oraInst.loc does not point to an inventory inside the current ORACLE_HOME
    Rapid Clone only supports oraInst.loc at that location if its content points to an inventory inside the same ORACLE_HOME
    Please make the necessary changes to the following file:
    /u02/applfind/apps/tech_st/10.1.2/oraInst.loc
    running OUI CLI home cloning:
    /u02/applfind/apps/tech_st/10.1.2/oui/bin/runInstaller -debug -clone -silent -force -nolink -waitForCompletion -invPtrLoc /etc/oraInst.loc session:ORACLE_HOME=/u02/applfind/apps/tech_st/10.1.2 oracle.as.j2ee.top:s_asInstanceName=OFD1_TOOLS__u02_applfind_apps_tech_st_10_1_2 oracle.as.j2ee.top:s_adminName=ias_admin oracle.as.j2ee.top:s_adminPassword=welcome ORACLE_HOME_NAME=OFD1_TOOLS__u02_applfind_apps_tech_st_10_1_2 -J-Doracle.installer.noLink=true
    Finished OUI CLI cloning for s_tools_oh with return code: 0Sat Oct 6 04:52:49 2012
    I have followed MOS Notes to no success:
    How to create, update or rebuild the Central Inventory for Applications R12 [ID 742477.1]
    How to Recreate the Global oraInventory [ID 295185.1]
    Global and Local Inventory explained [ID 360079.1]
    1) Looking at my oraInst.loc entries above what am I missing?
    2) Should there be a local and then a Global inventory? And if so, how is each defined - especially the Local inventory?
    3) How to I get ouicli.pl to update both local and global inventories as it is supposed to do?
    4) Why is it that When I changed the entry of /u02/applfind/apps/tech_st/10.1.2/oraInst.loc to:
    inventory_loc=/u02/applfind/apps/tech_st/10.1.2/oraInventory
    The /etc/oraInventory/ContentsXML/inventory.xml will not be updated?
    Thanks
    ChoMA

    Hello Hussein,
    We are Migrating and upgrading EBS 11i on a 32 bit ULN 4 to EBS 12.1.3 on an x86-64 bit ULN following doc 557738.1 (Export/import notes ....)
    We are currently at 12.1.1 and preparing to move onto 12.1.3.
    The folder $ORACLE_HOME/appsutil/clone/bin on this new server and installation f 12.1.1 does not contain adcfgclone.pl as needed by Note 458653.1
    Note [ID 742477.1] (How to create, update or rebuild the Central Inventory for Applications R12) called for using $ORACLE_HOME/appsutil/clone/ouicli.pl in the 11.2.0 rdbms ORACLE_HOME but this file (ouicli.pl) is also not there? It is nevertheless presnet in the in 10.1.2 & 10.1.3 ORACLE_HOMEs.
    1) Looking at my three oraInst.loc entries above what am I missing?
    2) Should there be two inventories (Local & Global)? And if so, how is each defined - especially the Local inventory?
    3) How do I get ouicli.pl to update both local and global inventories as it is supposed to do? From the error (NON-COMPLIANT: /u02/applfind/apps/tech_st/10.1.2/oraInst.loc does not point to an inventory inside the current ORACLE_HOME), ouicli.pl apparenlty needs a local inventory but how do I define both?
    4) Why is it that when I changed the entry of /u02/applfind/apps/tech_st/10.1.2/oraInst.loc to:
    inventory_loc=/u02/applfind/apps/tech_st/10.1.2/oraInventory
    The /etc/oraInventory/ContentsXML/inventory.xml will not be updated?
    Thanks very much
    ChoMA

Maybe you are looking for