Longhorn:: 10 Reasons to look at Windows Longhorn Part 6: Network Access Protection

     

    Network Access Protection (NAP) provides limited-access enforcement components for the following technologies:

    • Internet Protocol security (IPsec)
    • IEEE 802.1x authenticated network connections
    • Dynamic Host Configuration Protocol (DHCP)
    • Virtual private networks (VPN)
    Administrators can use these technologies separately or together to limit the network access of noncompliant computers.

     

    How NAP works:

     

    1. Client requests access to network and presents current health status

    2. DHCP, VPN, or switch/router relays health status to Microsoft’s Network Policy Server (NPS)

    3. The Network Policy Server validates this against IT-defined health policies

    4. If the machine is policy compliant, it’s given immediate access to the corporate network

    5. If the machine is not policy compliant, it is put in a restricted VLAN and given access to fix-up resources to download patches, configurations, signatures, etc. Repeat steps 1-3.

    On the Network Policy Server (NPS), administrators set the policy against which a connecting computer's compliance is measured before it is granted access to the network. The image below shows which protections you can require on the NAP-protected client. For example, you could decide that the client computer needs a firewall enabled, antivirus enabled and up to date, and spyware protection enabled and up to date. If the client computer is updated through a WSUS server, you can also enforce that the updates must be applied.
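
The decision flow in steps 1-5, as an added example that is not part of the original post and is not NPS code. It is a simplified model: the check names, the `evaluate`/`remediate`/`connect` functions and the sample client are assumptions made for illustration, and a check the client does not report is treated as failed.

```python
# Simplified model of the NAP decision flow; not the NPS API or the real health-status format.
from dataclasses import dataclass

# Hypothetical health policy built from the checks named in the post.
POLICY = {
    "firewall_enabled": True,
    "antivirus_enabled": True,
    "antivirus_up_to_date": True,
    "antispyware_enabled": True,
    "antispyware_up_to_date": True,
    "updates_applied": True,
}

@dataclass
class Decision:
    network: str         # "corporate" or "restricted"
    failed_checks: list  # checks the client still has to remediate

def evaluate(health: dict, policy: dict = POLICY) -> Decision:
    """Steps 3-5: validate the reported health status against the policy.
    A required check that is missing or not exactly True fails (fail closed)."""
    failed = [k for k, required in policy.items()
              if required and health.get(k) is not True]
    return Decision("restricted" if failed else "corporate", failed)

def remediate(health: dict, failed: list) -> dict:
    """Stand-in for the fix-up resources reachable from the restricted VLAN."""
    fixed = dict(health)
    fixed.update({k: True for k in failed})
    return fixed

def connect(health: dict, max_rounds: int = 3):
    """Steps 1-5 including the repeat; returns (last decision, networks seen)."""
    history = []
    for _ in range(max_rounds):
        decision = evaluate(health)
        history.append(decision.network)
        if decision.network == "corporate":
            break
        health = remediate(health, decision.failed_checks)
    return decision, history

# Constructed sample: visiting laptop with stale antivirus signatures
# that reports nothing about its update status.
VISITOR = {"firewall_enabled": True, "antivirus_enabled": True,
           "antivirus_up_to_date": False, "antispyware_enabled": True,
           "antispyware_up_to_date": True}

if __name__ == "__main__":
    print(evaluate(VISITOR))
    print(connect(VISITOR))
```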


    NAP Scenarios:

    • Check the health and status of roaming laptops
    • Ensure the health of desktop computers
    • Determine the health of visiting laptops
    • Verify the compliance and health of unmanaged home computers

     

    Network Access Protection is not designed to secure a network from malicious users. It is designed to help administrators maintain the health of the computers on the network.

     

     

    Previous Posts in this series:

    Part 5: Server Core

    Part 4: Server Hardening

    Part 3: Internet Information Services 7.0

    Part 2: Windows PowerShell

    Part 1: Server Management Improvements

    Published Friday, March 16, 2007 11:00 AM by aralves


