As you know (at least I hope that you do), we introduced Network Access Protection with Windows Server 2008. Thomas Shinder has now published an article on WindowsSecurity.com about how to implement NAP, IPsec, and Domain Isolation via Group Policies. It is the first part of a very good step-by-step guide:
Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy
I found this document to be quite helpful, thanks. And even better news, I noticed Centrify has delivered a product that extends Server and Domain Isolation to UNIX and Linux, so now SDI is cross-platform! Even more reason to try out SDI.