The Windows Security Health Validator (WSHV) is included with Windows Server 2008 and Windows Server 2008 R2. The WSHV evaluates the operational status of the following components on NAP client computers:

• Firewall: If this requirement is enabled, the client computer must have a firewall that is registered with Windows Security Center and enabled for all network connections.
  
  
• Virus Protection: If this requirement is enabled, the client computer must have an antivirus application installed, registered with Windows Security Center, and turned on. The client computer can also be checked to ensure that the antivirus signature file is up-to-date.
  
  
• Spyware Protection: If this requirement is enabled, the client computer must have an antispyware application installed, registered with Windows Security Center, and turned on. The client computer can also be checked to ensure that the antispyware signature file is up-to-date. Spyware protection applies only to NAP clients running Windows Vista or Windows 7.
  
  
• Automatic Updating: If this requirement is enabled, the client computer must be configured to check for updates from Windows Update. You can choose whether to download and install them.
  
  
• Security Update Protection: If this requirement is enabled, the client computer must have security updates installed based on one of four possible values that match security severity ratings from the Microsoft Security Response Center (MSRC). The client must also check for these updates during a specified time interval. You can use Windows Server Update Services (WSUS), Windows Update, or both to obtain security updates.
  
  

• NAP Health Policy Servers
  
  
• System Health Validator Settings
  
  
• System Health Validator Error Codes