Chris Henley is a fun and energetic representative of Microsoft. He works on the Developer Platform Evangelist team at Microsoft as an IT Professional Evangelist in the western region and is the co-author of Microsoft Windows Server 2008 R2 Administration Instant Reference from Sybex press. Chris is a regular speaker and presenter at user groups, Technet events, and major conferences around the US.
He has extensive experience in the world of computer networks. He is passionate about the way that technology helps people. He has an entertaining and insightful style of communicating technical information and of making difficult concepts easy to understand. He is an expert in server architecture and network design. He loves to push the envelope of what we think about computers, and what software can do. Chris spends his spare time playing XBOX360 with his wife and kids, fly fishing, camping, hiking, and searching for the best chocolate cake on planet earth.
You can use Network Access Protection with DHCP to enforce health policies, which can help protect a network against the spread of viruses, worms, and malicious software (malware).
NAP enforces health policies for the following network access technologies: DHCP address configuration, network connections based on VPN, and communication based on Internet Protocol security (IPsec). NAP also provides a suite of APIs that allow companies other than Microsoft to integrate their software into the NAP platform. By using the NAP APIs, software vendors can provide end-to-end solutions that validate health and remediate unhealthy clients.
DHCP Enforcement comprises a DHCP NAP ES component and a DHCP NAP EC component. Using DHCP Enforcement, DHCP servers can enforce health policy requirements any time a computer attempts to lease or renew an IP address configuration on the network. DHCP Enforcement is the easiest enforcement to deploy because all DHCP client computers must lease IP addresses. Because DHCP Enforcement relies on entries in the IP routing table, it is the weakest form of limited network access in Network Access Protection. The DHCP Server service on a computer running Windows Server 2008 provides automatic IP address configuration to intranet clients.
Between a NAP client and a DHCP server, the NAP client acting as a DHCP client uses DHCP messages to obtain a valid IPv4 address configuration and to indicate its current system health state. The NAP server uses DHCP messages to allocate either an IPv4 address configuration for the restricted network and indicate remediation instructions (if the DHCP client is noncompliant), or an IPv4 address configuration for unlimited access (if the DHCP client is compliant).