Network Access Protection (NAP)

Latest news from the Network Access Protection (NAP) team at Microsoft.

Day 2, NAP’ing TechEd


My NAP overview session went very well yesterday. All the demos went off perfect, and I thought most of the audience got a lot out of it. If you attended the session and have feedback, I’d love to hear it. I have a repeat session this Friday, so I have time to make some corrections and changes.

The show this year has followed the TechEd Europe model – one week of Dev TechEd, one week of IT Pro TechEd. Most people I have spoken to at the show appreciated the split as it lowered the crowds of having one huge show. Some folks did mention that they wear both hats – Developer and IT Pro – and they wished it was still a one-stop shop. I think the split is a good thing overall as it feels like a focused event...

Virtualization is, of course, a hot topic at the show this year. Its section on the show floor is jam-packed. The interest in network security and compliance is still high though as my first session had over 400 people attend.

While I was speaking yesterday, we officially announced the availability of the “Microsoft Forefront Integration Kit for Network Access Protection” (aka FCS NAP) as a free download. I have been showing off this integration for months – I am pumped that it is now available to all!

More later from the show floor – I am typing this in the “TechEd Bloggers Lounge”. Cheers!

Jeff Sigman
Senior Program Manager & NAP Hero
Enterprise Security Group
NAP Blog, FAQ, Forum, MSDN, Site and my blog

Comments
  • Very good session. But I don't understand if computer GPOs will be applied if running NAP on computers? What happens if you have both computer and user authentication?

  • Magnus, thanks for attending (and liking) the session! Much appreciated!

    I assume you are asking about NAP + 802.1X? Provisioning computers is a challenge, even when using GPOs. You have to make sure that before they are provisioned, they can join the domain and such. When they are in the restricted VLAN, you should think about allowing access to a read-only or other AD DC (for domain scripts, mapped drives, GPO, etc).

    The way machine + user auth works is when the machine first boots, it auths as the computer entity. As soon as a user actually logs on physically, user auth is then performed until he logs off (when machine will kick back in).

    Hope this helps to clarify. Thanks again for attending the session!

    Jeff
