Share via


Network Access Protection

Applies To: Windows Server 2008

Network Access Protection (NAP) is a new technology introduced in Windows Vista and Windows Server 2008. NAP includes client and server components that allow you to create and enforce health requirement policies that define the required software and system configurations for computers that connect to your network. NAP enforces health requirements by inspecting and assessing the health of client computers, limiting network access when client computers are deemed noncompliant, and remediating noncompliant client computers for unlimited network access. NAP enforces health requirements on client computers that are attempting to connect to a network. NAP can also provide ongoing health compliance enforcement while a compliant client computer is connected to a network.

NAP enforcement occurs at the moment client computers attempt to access the network through network access servers, such as a virtual private network (VPN) server running Routing and Remote Access, or when clients attempt to communicate with other network resources. The way in which NAP is enforced depends on the enforcement method you choose. NAP enforces health requirements for the following:

  • Internet Protocol security (IPsec)-protected communications

  • Institute of Electrical and Electronics Engineers (IEEE) 802.1X-authenticated connections

  • VPN connections

  • Dynamic Host Configuration Protocol (DHCP) configuration

  • Terminal Services Gateway (TS Gateway) connections

Available NAP documentation includes in-product help, step-by-step guides available from the Microsoft Download Center, and technical guides available from the Windows Server 2008 Technical Library.

NAP Product Help

Product help is available for NAP on server and client computers. Client help is available on computers running Windows Server 2008 or Windows Vista by typing hh nap.chm at the command line or by opening the NAP Client Configuration console and pressing F1.

Note

NAP is supported on Windows XP with Service Pack 3 (SP3); however, the NAP Client Configuration console and NAP product help are only available on Windows Vista and Windows Server 2008.

Health Registration Authority (HRA) product help is available on computers running Windows Server 2008. You can access HRA help by typing hh hra.chm at the command line, or by opening the Health Registration Authority console and pressing F1. HRA is required when you use the NAP IPsec enforcement method.

NAP Step-by-Step Guides

NAP step-by-step guides show you how to set up a test lab to deploy one of the NAP enforcement methods.

Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab

(https://go.microsoft.com/fwlink/?Linkid=85894)

Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab

(https://go.microsoft.com/fwlink/?Linkid=86036)

Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab

(https://go.microsoft.com/fwlink/?Linkid=85896)

Step-by-Step Guide: Demonstrate DHCP NAP Enforcement in a Test Lab

(https://go.microsoft.com/fwlink/?Linkid=85897)

NAP Design Guide

The Network Access Protection Design Guide answers the “What,” “Why,” and “When” questions a deployment design team might ask before deploying NAP in a production environment.

NAP Deployment Guide

The Network Access Protection Deployment Guide is a procedural document that provides steps for installing and configuring NAP. It answers the “How” questions a deployment team might ask before implementing a NAP design.

NAP Operations Guide

The NAP Operations Guide provides the information you need for optimal, trouble-free, day-to-day operations of a NAP deployment.

Content availability

This content is not yet available.

NAP Troubleshooting Guide

In addition to documenting the tools and credentials required to complete tasks and procedures, the Network Access Protection Troubleshooting Guide also provides help for troubleshooting problems quickly.

See Also

Other Resources

Network Access Protection Product Information Network Policy Server Network Access Protection in Configuration Manager