[Non-NAP capable XP clients receive full access in NAP DHCP enforcement ]
When a non-NAP-capable XP SP3 computer first joins the network and attempts to acquire a DHCP lease from a NAP-enabled DHCP server in a DHCP enforcement scenario, it is granted full network access despite a network policy requiring quarantine. This occurs because the client is not evaluated by NPS.
If a release/renew is executed on the client, it will acquire a restricted IP address 50% of the time. (Or we can reproduce this issue by disable and re-enabling the NIC on XP SP3 client)
The behavior is not observed for Vista.
This issue is currently under investigation and mitigation