The areas of maintenance for an IPsec enforcement deployment are the following:
Adding a NAP client
Adding a new SHA and SHV
Managing NAP CAs
To add a NAP client, do the following:
Join the NAP client computer to the domain.
Install the SHAs on the NAP client computer.
Add the computer account of the NAP client to the secure network OU or security group.
For a Windows XP SP3–based NAP client, you must also set the HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley\IKEFlags registry value to 0x1c.
For a new non–domain-joined NAP client, follow the steps in Configuring NAP Client Settings earlier in this chapter.
To add a new SHA and SHV to your IPsec enforcement deployment, ...