Network Access Protection (NAP) is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows you to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.
NAP enforces health requirements by monitoring and assessing the health of client computers when they attempt to connect or communicate on a network. Client computers that are not in compliance with the health policy can be provided with restricted network access until their configuration is updated and brought into compliance with policy. Depending on how NAP is deployed, noncompliant clients can be quarantined or automatically updated so that users can quickly regain full network access without manually updating or reconfiguring their computers.
Windows Server 2008 R2 Network Access Protection offers the following benefits:
Health Policy Validation
- Validate the health of a computer connecting to the network
- Administrators can set policies to restrict or control access to the network based on the health of the computer
- Devices that are compliant are allowed access to the network
- Devices that fail the compliance check are restricted
Health Policy Remediation
- Computers that do not comply with health policies have limited access until software and configuration updates are completed
- Non-compliant devices can be automatically updated
- Specific updates can also be pushed to the device via manual remediation
Post Connect Compliance
- Compliant computers connected to the network lose connection if they lose health status
- Any change of state in the device is reported back to the policy server for post-connect compliance