Server 2008 Network Access Protection (NAP) is a software based solution that allows computers to be checked for compliance, then placed on an isolated network if non-compliant. How is this related to SCCM 2007? The ConfigMgr client has the NAP SHA (System Health Agent) built-in. NAP can additionally be used to remediate computers that may not have all current security updates applied before they are allowed on a designated corporate network. ConfigMgr has an available System Health Validator (SHV) role that integrates with NAP.
In working on a recent project that involved NAP Proof of Concept, we compiled a list of Server 2008 Network Access Protection references that may be helpful.
· NAP homepage http://www.microsoft.com/windowsserver2008/en/us/nap-main.aspx
· NAP Portal http://technet.microsoft.com/en-us/network/bb545879.aspx
· NAP Design Guide http://technet.microsoft.com/en-us/library/dd125338(WS.10).aspx
· NAP Deployment Guide http://technet.microsoft.com/en-us/library/dd314175(WS.10).aspx
· NAP Protection Guide at http://technet.microsoft.com/en-us/library/dd348515(WS.10).aspx
· The Infrastructure Planning and Deployment Guides at http://www.microsoft.com/downloads/details.aspx?familyid=AD3921FB-8224-4681-9064-075FDF042B0C&displaylang=en
· NAP Policies in Windows Server 2008 at http://www.microsoft.com/downloads/details.aspx?FamilyID=8e47649e-962c-42f8-9e6f-21c5ccdcf490&displaylang=en
· NAP 802.1x for Wired networks and IPSEC at http://www.microsoft.com/downloads/details.aspx?FamilyID=d9aef757-f528-41be-a01f-99a60c9a855d&displaylang=en
· Step-by-Step Guide to demonstrate NAP IPSEC enforcement at http://www.microsoft.com/downloads/details.aspx?FamilyID=298ff956-1e6c-4d97-a3ed-7e7ffc4bed32&displaylang=en
· Step-by-Step-guide to Demonstrate NAP 802.1x enforcement at http://www.microsoft.com/downloads/details.aspx?FamilyID=8a0925ee-ee06-4dfb-bba2-07605eff0608&displaylang=en
· Step-by-Step Guide to demonstrate NAP VPN enforcement at http://www.microsoft.com/downloads/details.aspx?FamilyID=729bba00-55ad-4199-b441-378cc3d900a7&displaylang=en
· Step-by-Step Guide to demonstrate NAP DHCP Enforcement at http://www.microsoft.com/downloads/details.aspx?FamilyID=ac38e5bb-18ce-40cb-8e59-188f7a198897&displaylang=en
· Guide to NAP logging http://blogs.technet.com/wincat/archive/2007/10/29/the-definitive-guide-to-nap-logging.aspx
· Microsoft NAP Case study at http://technet.microsoft.com/en-us/library/cc678664.aspx
· Network Access Protection Design Guide at http://technet.microsoft.com/en-us/library/dd125338(WS.10).aspx
· Built-in NAP SHV agents at http://blogs.technet.com/nap/archive/2008/09/03/system-health-agents-shas-that-are-available-from-microsoft.aspx
· Forefront NAP integration at http://technet.microsoft.com/en-us/library/cc512112.aspx
· SHV/SHA available from partners at http://www.microsoft.com/windowsserver2008/en/us/nap-partners.aspx
"How Microsoft does IT: Managing Network Access Protection" TechNet webcast
“Introduction to Network Access Protection” white paper webcast
“Network Access Protection Platform Architecture” white paper webcast