Network Access Protection Commands for NPS

This section contains the following commands.

For information on how to interpret netsh command syntax, see Formatting Legend.

Network Access Protection commands

The following entries provide details for each command.

add remediationserver

Adds one or more servers to the specified remediation server group.

Syntax

add remediationserver [ remediationservergroup = ] remediationservergroup [ address = ] address [ [ name = ] name ]

Parameters

remediationservergroup


Required. Specifies the name of the remediation server group to which you want to add servers.
address


Required. Specifies the Fully Qualified Domain Name (FQDN) or IP address Of the remediation server that you want to add.
name


Optional. Specifies the friendly name of the remediation server that you want to add.

Example

The following example adds a remediation server with the FQDN Server1.adatum.com to a remediation server group named Servers1. The friendly name for the server is Seattle Remediation server.

add remediationserver remediationservergroup = "Servers1" address = "Server1.adatum.com" name = "Seattle Remediation server"

add remediationservergroup

Adds a remediation server group to the NPS server configuration.

Syntax

add remediationservergroup [ name = ] name

Parameters

name


Required. Specifies the name of the remediation server group that you want to add to the Network Policy Server (NPS) configuration.

add shvtemplate

Adds a system health validator (SHV) template, also called a health policy, to the NPS server configuration.

Syntax

add shvtemplate [ name = ] name [ [ id = ] id [ config = ] ALLMUSTPASS | ALLMUSTFAIL | ONEMUSTPASS | ONEMUSTFAIL ]

Parameters

name


Required. Specifies the friendly name of the health policy.
id


Optional. Specifies one or more valid SHV IDs separated by a comma. If no ID is specified, all SHVs are selected.
config


Optional. Specifies the amount of SHVs that must pass or fail for the conditions of the network policy to be matched. If ALLMUSTPASS is designated, all SHVs configured in the health policy must pass for the conditions of the network policy to be matched. If ALLMUSTFAIL is designated, all SHVs configured in the health policy must fail for the conditions of the network policy to be matched. If ONEMUSTPASS is designated, one SHV configured in the health policy must pass for the conditions of the network policy to be matched. If ONEMUSTFAIL is designated, one SHV configured in the health policy must fail for the conditions of the network policy to be matched. The default is ALLMUSTPASS.

Example

In the following example, a health policy named HealthPolicy1 is added to the NPS server configuration.

add shvtemplate name = "HealthPolicy1"

delete remediationserver

Deletes one or more servers from the specified remediation server group.

Syntax

delete remediationserver [ remediationservergroup = ] remediationservergroup [ address = ] address [ [ name = ] name ]

Parameters

remediationservergroup


Required. Specifies the name of the remediation server group from which you want to delete a server.
address


Required. Specifies the FQDN or IP address of the remediation server that you want to delete.
name


Optional. Specifies the friendly name of the remediation server that you want to delete.

delete remediationservergroup

Deletes a remediation server group.

Syntax

delete remediationservergroup [ name = ] name

Parameters

name


Required. Specifies the name of the remediation server group that you want to delete from the NPS server configuration.

delete shvtemplate

Deletes the specified health policy (also called an SHV template).

Syntax

delete shvtemplate [ name = ] name

Parameters

name


Required. Specifies the friendly name of the health policy that you want to delete.

rename remediationserver

Specifies a new Fully Qualified Domain Name (FQDN) or IP address for an existing remediation server that is a member of an existing remediation server group.

Syntax

rename remediationserver [remediationservergroup = ] remediationservergroup [ address = ] address [ newaddress = ] newaddress

Parameters

remediationservergroup


Required. Specifies the name of the remediation server group that contains the remediation server that you want to rename.
address


Required. Specifies the FQDN or the IP address of the remediation server that you want to rename.
newaddress


Required. Specifies the new FQDN or IP address of the remediation server that you want to rename.

Example

The following example changes the name of the remediation server Server1.adatum.com in the remote remediation server group Servers1 to Remediation-01.adatum.com.

rename remediationserver remediationservergroup = "Servers1" address = "Server1.adatum.com" newaddress = "Remediation-01.adatum.com"

rename remediationservergroup

Renames the specified remediation server group.

Syntax

rename remediationservergroup [ name = ] name [newname =] new name

Parameters

name


Required. Specifies the name of the remediation server group that you want to rename.
newname


Required. Specifies the new name for the remediation server group.

Example

The following example changes the name of a remediation server group from Servers1 to Servers2.

rename remediationservergroup name = Servers1 newname = Servers2

rename shvtemplate

Renames an existing health policy (also called an SHV template).

Syntax

rename shvtemplate [ name = ] name [ newname = ] new name

Parameters

name


Required. Specifies the existing name of the health policy.
newname


Required. Specifies the new name for the health policy.

Example

The following example changes the name of a health policy from HealthPolicy1 to HealthPolicy2.

rename shvtemplate name = "HealthPolicy1" newname = "HealthPolicy2"

reset remediationserver

Resets a remediation server in the remediation server group that you specify.

Syntax

reset remediationserver [ remediationservergroup = ] remediationservergroup

Parameters

remediationservergroup


Required. Specifies the name of the remediation server group that contains the remediation server that you want to reset.

reset remediationservergroup

Resets a remediation server group.

Syntax

reset remediationservergroup

reset shv

Resets the SHV configuration.

Syntax

reset shv

reset shvtemplate

Resets the health policy configuration.

Syntax

reset shvtemplate

set remediationserver

Modifies the configuration of a remediation server in the specified remediation server group.

Syntax

set remediationserver [ remediationservergroup = ] remediationservergroup [ address = ] address [ [ name = ] name ]

Parameters

remediationservergroup


Required. Specifies the name of the remediation server group to which you want to add servers.
address


Required. Specifies the FQDN or IP address of the remediation server that you want to add.
name


Optional. Specifies the friendly name of the remediation server that you want to add.

set shv

Modifies the system health validator configuration.

Syntax

set shv [ id = ] id [ [ unreachablepolicyserver = ] NONCOMPLIANT | COMPLIANT [ unreachableremediationserver = ] NONCOMPLIANT | COMPLIANT [ shafailure = ] NONCOMPLIANT | COMPLIANT [ napserverfailure = ] NONCOMPLIANT | COMPLIANT [ othererrors = ] NONCOMPLIANT | COMPLIANT ]

Parameters

id


Required. Specifies the ID number of the SHV.
unreachablepolicyserver


Optional. Specifies the error that is returned when the SHV's policy server cannot be contacted. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.
unreachableremediationserver


Optional. Specifies the error that is returned when the system health agent (SHA) cannot contact the remediation server and cannot successfully update a noncompliant NAP client. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.
shafailure


Optional. Specifies the error that is returned when the SHA has an internal failure. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.
napserverfailure


Optional. Specifies the error that is returned when the NAP server produces an internal failure. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.
othererrors


Optional. Specifies all other errors in the NAP infrastructure. If you specify NONCOMPLIANT, the NAP client is treated as noncompliant. If you specify COMPLIANT, the NAP client is treated as compliant. The default is NONCOMPLIANT.

Example

The following example sets an SHV with the ID of 79744.

set shv id = "79744"

set shvtemplate

Changes the value of one or more properties of an existing health policy. Values specified by this command overwrite the existing values.

Syntax

set shvtemplate [ name = ] name [ [ id = ] id [ config = ] ALLMUSTPASS | ALLMUSTFAIL | ONEMUSTPASS | ONEMUSTFAIL ]

Parameters

name


Required. Specifies the friendly name of the health policy.
id


Optional. Specifies one or more valid SHV IDs separated by a comma. If no ID is specified, all SHVs are selected.
config


Optional. Specifies the amount of SHVs that must pass or fail for the conditions of the network policy to be matched. If ALLMUSTPASS is designated, all SHVs configured in the health policy must pass for the conditions of the network policy to be matched. If ALLMUSTFAIL is designated, all SHVs configured in the health policy must fail for the conditions of the network policy to be matched. If ONEMUSTPASS is designated, one SHV configured in the health policy must pass for the conditions of the network policy to be matched. If ONEMUSTFAIL is designated, one SHV configured in the health policy must fail for the conditions of the network policy to be matched. The default is ALLMUSTPASS.

show napserverinfo

Displays the Network Access Protection (NAP) configuration of the specified server.

Syntax

show napserverinfo

show remediationserver

Displays the properties of the remediation servers in the specified group.

Syntax

[ remediationservergroup = ] remediationservergroup

Parameters

Remediationservergroup


Required. Specifies the name of the remediation server group in which the server(s) reside.

show remediationservergroup

Displays the remediation server groups and the servers configured within each group.

Syntax

show remediationservergroup

show shv

Displays all of the system health validators (SHVs) that are registered in NPS.

Syntax

show shv

show shvtemplate

Displays all health policies.

Syntax

show shvtemplate

See Also