Mapping Your Deployment Goals to a NAP Design

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista

After you have reviewed the NAP deployment goals and determined which are appropriate for your organization, you can map those goals to a specific design.

The following table shows how well the NAP designs meet the deployment goals discussed in Identifying Your NAP Deployment Goals. This table refers only to the four primary NAP designs described in this guide. However, you can combine the NAP deployment goals as appropriate for your organization.

NAP deployment goal IPsec enforcement design 802.1X enforcement design VPN enforcement design DHCP enforcement design

Keep Computers Updated

Excellent

Very Good

Good

Good

Protect Roaming Laptop Computers

Excellent

Good

Good

Good

Protect Corporate Headquarters from Noncompliant Computers

Excellent

Excellent

Good

Poor

Protect a Branch Office from Noncompliant Computers

Excellent

Excellent

Good

Poor

Manage Risk Within the Network

Excellent

Very Good

Good

Good

Track Compliance with Security Policies

Excellent

Excellent

Good

Good

Protect Remote Access

Excellent

N/A

Excellent

N/A

Protect Corporate Assets from Unmanaged Computers

Excellent

Very Good

Excellent

Poor

Before you select a NAP design, you must understand how each enforcement method works. You should also be sure to review component requirements and configuration details. The following enforcement methods are discussed in this guide: