As I learned at Tech Ed 2007, Microsoft NAP still has two large misconceptions out in the world:
1. NAP is solely based on DHCP technology - 100% FALSE
2. Deploying NAP requires a complete "rip and replace" of your existing AD/Server infrastructure - 100% FALSE
I created the table below to demystify which options are available for the NAP Client across three platforms.
The table doesn’t discuss the NAP Server, but I think it is worth discussing briefly. Our NAP Server "role", contained in Windows Server 2008, is named "Network Policy and Access Services". The heart of the NAP Server is named "Network Policy Server" or "NPS" for short. To deploy NAP in your environment, you must have at least one Windows Server 2008 computer running NPS. That’s it! It doesn’t need to be a domain controller, nor even joined to a domain in most cases.
On to the table:
NAP Client Feature
Windows Server 2008 (acting as a client)
Installed by default
The NAP Client for Windows XP will be available publicly within Windows XP Service Pack 3, releasing in the Windows Server 2008 timeframe.
Turned "OFF" by default
You can enable NAP via Group Policy (GP), command-line, registry or MMC.
Windows XP supports only IKE based IPsec (no AuthIP support).
802.1x Wireless Enforcement
802.1x Wired Enforcement
Windows System Health Agent (WSHA)
Windows Security Center integration with the NAP Client. This is not available on the Server (acting as a NAP Client).
The .NET Managed MMC Snap-in is not available on Windows XP.
Group Policy (GP) Configuration
I hope this clears up some things about NAP for you. Please feel free to comment on this post -or- email me -or- post to our public web forum!
NAP the WORLD in 2007,
Jeff Sigman
NAP Release Manager
Jeff.Sigman@online.microsoft.com *
- http://blogs.technet.com/nap
- http://microsoft.com/nap
- http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=576&SiteID=17

* Remove the "online" to actually email me.
** This posting is provided "AS IS" with no warranties, and confers no rights.