Network Access Protection (NAP)

Latest news from the Network Access Protection (NAP) team at Microsoft.

Blogs

What client health checks should we add to NAP?

  • Comments 3
  • Likes

In the Vista / Longhorn Server timeframe, the included Windows System Health Agent will have the ability to restrict client network access based on the following Windows Security Center features:

  1. Firewall is enabled for all interfaces
  2. Antivirus is enabled / up-to-date signatures
  3. Antispyware is enabled / up-to-date signatures
  4. Automatic Update is enabled / up-to-date patches

We have had a lot of feedback from early NAP adopters that they would like to see future support for:

  1. Registry value checks
  2. WMI value checks
  3. File version/date/location checks

NAP was designed as an extensible platform, with a public API published on MSDN. We are working with many 3rd party companies who are going to provide value-added features on top of NAP.

We would love to hear from you about what client health checks should be added in the future, whether by Microsoft or a 3rd party extending NAP.

 

Jeff Sigman [MSFT]
NAP Release Manager
Jeff.Sigman@online.microsoft.com *
http://blogs.technet.com/nap

* Remove the "online" to actually email me.
** This posting is provided "AS IS" with no warranties, and confers no rights.

 

Comments
  • Hi Jeff,
    I salute you for asking about what should be baked into the product! As you know, Remote Access Quarantine was a resounding failure when it could have been a Real Microsoft Success Story but for the lack of built in support and the requirement that your customers all be accomplished programmers. I'm looking forward to NAP not being the failure that was Remote Access Quarantine becuase you all will put real functionality in it "right out of the box" and not require the customer to make NAP an avocation.
    Thanks!
    Tom Shinder
    MVP ISA Firewalls

  • Hey Tom, “Quarantine” in WS03 was certainly never intended for the typical ITPro and required coding / scripting knowledge to pull-off a real “solution”. When we started the idea of NAP, it was our intention from day 1 to create an actual solution to customer problems which could be deployed by the ITPro/Generalist.

    If we want to get version 1 of NAP right the first time, it is important to hear from people who intend to use it and dig through all of their feedback. Hopefully, we get it right and it really takes off!

    PS – I don’t want to give anyone a new hobby to successfully deploy NAP, but I would love a rich ecosystem around NAP where you could buy a 3rd party extension to make NAP even cooler. :->

    - Jeff

  • PingBack from http://bargain-late-travel.be/index.php/archives/203

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment