December 2009 - Posts

[NAP] NPS/NAP Reporting - Architecture
Sunday, December 20, 2009 10:40 AM

This is part 2 of my NAP Reporting series.

At this phase in my NAP project we are in a DHCP reporting mode. This is the easiest way to get your feet wet with NAP: you install NPS on your DHCP servers and create NAP policies that allow all health levels access to the network. In order to define my security policies in one location, I've got all DHCP servers configured as RADIUS clients to a central NPS server. This simplifies NAP administration and also allows me to enable ACS on the central server instead of having it enabled on all DHCP servers. If I wanted a decentralized model, ACS could just as easily handle it.

So why ACS? There are several problems with NPS SQL logging that ACS handles automatically. ACS provides you with the database, tables, views, reports, and grooming jobs; with NPS SQL logging you're on your own to create all of that. Plus, as I mentioned in the last post, the event log has more information than what is provided in SQL logging. Using ACS isn't perfect though: the format of the database is difficult to use at first and it's not suitable for long-term storage. If you've already got event log collection software implemented, you may want to weigh the pros and cons of using it vs. ACS. I plan on eventually creating a data warehouse to solve my reporting issues, but I'm not familiar with that process yet. If or when I get there, I'll blog about it; until then, SecureVantage or EnterpriseCertified might have a product that helps.

I'm not going to get into the details of how to set NAP up because Microsoft's step-by-step guides are excellent. This diagram shows how I've got my environment set up. It's not too complicated and should apply whether you're doing DHCP NAP reporting or any of the other enforcement methods such as 802.1X or IPsec.

[image: environment diagram]

[NAP] NPS/NAP Reporting - Introduction
Thursday, December 10, 2009 10:53 PM

I've spent a lot of time this year working on a MS NAP implementation. I'm nowhere near complete with this project but I would like to share what I've got so far in reference to reporting.

The best article I could find on NAP reporting is a guest post on the Microsoft NAP blog by Alex Chalmers from Ball State University. I'm sure it works fine, but it's much more complicated than my environment warrants, and since I'm an OpsMgr/ConfigMgr guy, I figured I would try it using ACS instead.

The benefit of ACS is that we don't need to have NAP SQL reporting enabled, which eliminates a failure point for authentication and, depending on how many NPS servers you are running, a number of SQL services. The built-in SQL reporting feature also doesn't include the health validator results, while the event log does. Without this we can't determine why a client failed to meet our policy. ACS also takes care of data grooming for us.

ACS sounds pretty easy: all we need to do is enable the ACS forwarder on the NAP server and we're good…

Almost… There are a few roadblocks that I've had to overcome. OpsMgr RTM/SP1's EventSchema did not include the events related to NAP. With R2, the events are included in the schema, but the last few parameters of the event get truncated, which throws out the SHV result.

This is going to be at least a 5-part series. In my next post, I'll outline the server architecture. In Part 3, I'll go over my EventSchema.xml customizations. In Part 4, I'll show you how to parse the SHV result in SQL. In Part 5, I'll give you some sample reports. I hope to have these completed in the next 2 weeks. If I slack off, nudge me via the contact form.

by CSummers311 | with no comments
[OpsMgr] Compare Management Packs Across Management Groups
Thursday, December 10, 2009 10:10 PM

The following query gives you the version of each management pack across multiple management groups. Replace MG1 and MG2 with your management group names. This is only useful if you have multiple management groups reporting to the same data warehouse.

WITH MPs (MG, MP, Version)
AS (
    SELECT  vManagementGroup.ManagementGroupDefaultName,
            vManagementPack.ManagementPackDefaultName,
            vManagementPackVersion.ManagementPackVersion
    FROM    vManagementGroupManagementPackVersion
            INNER JOIN vManagementGroup
                ON vManagementGroupManagementPackVersion.ManagementGroupRowId = vManagementGroup.ManagementGroupRowId
            INNER JOIN vManagementPackVersion
                ON vManagementGroupManagementPackVersion.ManagementPackVersionRowId = vManagementPackVersion.ManagementPackVersionRowId
            INNER JOIN vManagementPack
                ON vManagementPackVersion.ManagementPackRowId = vManagementPack.ManagementPackRowId
)
SELECT MP, MG1, MG2
FROM MPs
PIVOT (
    MAX(Version)
    FOR MG IN ([MG1], [MG2])
) AS pvt

Sample Output:

MP                                                     MG1         MG2
-----------------------------------------------------  ----------  ----------
Windows Cluster Library                                6.1.7221.0  6.0.6278.0
Windows Core Library                                   6.1.7221.0  6.0.6278.0
Windows Server 2000 Operating System                   6.0.6667.0  6.0.6321.5
Windows Server 2003 Operating System                   6.0.6667.0  6.0.6321.5
Windows Server 2008 Internet Information Services 7.0  NULL        6.0.6539.0
Windows Server 2008 Operating System (Discovery)       6.0.6667.0  6.0.6321.5
Windows Server 2008 Operating System (Monitoring)      6.0.6667.0  6.0.6321.5
Windows Server Internet Information Services 2000      NULL        6.0.6539.0
Windows Server Internet Information Services 2003      NULL        6.0.6539.0
Windows Server Internet Information Services Library   NULL        6.0.6539.0
Windows Server Operating System Library                6.0.6667.0  6.0.6321.5
Windows Service Library                                6.1.7221.0  6.0.6278.0
WS-Management Library                                  6.1.7221.0  6.0.6278.0
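The query above hard-codes MG1 and MG2 in the PIVOT column list, so it has to be edited whenever a management group is added or renamed. The variant below, added here as an example and not part of the original post, builds that column list dynamically from vManagementGroup against the same data warehouse views; it assumes a T-SQL data warehouse (SQL Server 2005 or later, for FOR XML PATH) and the view and column names already used in the post's query.

```sql
-- Added example (not from the original post): generalize the post's query so
-- the pivot columns come from vManagementGroup instead of being typed by hand.
-- Assumes the same OpsMgr data warehouse views the post's query uses.
DECLARE @cols NVARCHAR(MAX);
DECLARE @sql  NVARCHAR(MAX);

-- Build a comma-separated, bracket-quoted list of every management group name,
-- e.g. [MG1],[MG2],[MG3]. QUOTENAME escapes the names so a group name can't
-- break out of the column list when it is spliced into the dynamic SQL below.
SELECT @cols = STUFF((
    SELECT ',' + QUOTENAME(mg.ManagementGroupDefaultName)
    FROM   vManagementGroup AS mg
    ORDER BY mg.ManagementGroupDefaultName
    FOR XML PATH(''), TYPE).value('.', 'NVARCHAR(MAX)'), 1, 1, '');

-- Same CTE and PIVOT as the post's query, with the group list substituted in
-- both the SELECT list and the FOR ... IN (...) clause.
SET @sql = N'
WITH MPs (MG, MP, Version) AS (
    SELECT  mg.ManagementGroupDefaultName,
            mp.ManagementPackDefaultName,
            mpv.ManagementPackVersion
    FROM    vManagementGroupManagementPackVersion AS mgmpv
            INNER JOIN vManagementGroup AS mg
                ON mgmpv.ManagementGroupRowId = mg.ManagementGroupRowId
            INNER JOIN vManagementPackVersion AS mpv
                ON mgmpv.ManagementPackVersionRowId = mpv.ManagementPackVersionRowId
            INNER JOIN vManagementPack AS mp
                ON mpv.ManagementPackRowId = mp.ManagementPackRowId
)
SELECT MP, ' + @cols + N'
FROM MPs
PIVOT (MAX(Version) FOR MG IN (' + @cols + N')) AS pvt
ORDER BY MP;';

EXEC sp_executesql @sql;
```

A NULL in a group's column means that management group has never imported the pack, exactly as in the sample output above; a version mismatch between columns is the drift this query is meant to surface.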