Network Access Protection
Updated: January 21, 2008
Applies To: Windows Server 2008
Network Access Protection (NAP) is a new technology introduced in Windows Vista and Windows Server 2008. NAP includes client and server components that allow you to create and enforce health requirement policies that define the required software and system configurations for computers that connect to your network. NAP enforces health requirements by inspecting and assessing the health of client computers, limiting network access when client computers are deemed noncompliant, and remediating noncompliant client computers for unlimited network access. NAP enforces health requirements on client computers that are attempting to connect to a network. NAP can also provide ongoing health compliance enforcement while a compliant client computer is connected to a network.
NAP enforcement occurs at the moment client computers attempt to access the network through network access servers, such as a virtual private network (VPN) server running Routing and Remote Access, or when clients attempt to communicate with other network resources. The way in which NAP is enforced depends on the enforcement method you choose. NAP enforces health requirements for the following:
Internet Protocol security (IPsec)-protected communications
Institute of Electrical and Electronics Engineers (IEEE) 802.1X-authenticated connections
Dynamic Host Configuration Protocol (DHCP) configuration
Terminal Services Gateway (TS Gateway) connections
Available NAP documentation includes in-product help, step-by-step guides available from the Microsoft Download Center, and technical guides available from the Windows Server 2008 Technical Library.
Product help is available for NAP on server and client computers. Client help is available on computers running Windows Server 2008 or Windows Vista by typing hh nap.chm at the command line or by opening the NAP Client Configuration console and pressing F1.
|NAP is supported on Windows XP with Service Pack 3 (SP3); however, the NAP Client Configuration console and NAP product help are only available on Windows Vista and Windows Server 2008.|
Health Registration Authority (HRA) product help is available on computers running Windows Server 2008. You can access HRA help by typing hh hra.chm at the command line, or by opening the Health Registration Authority console and pressing F1. HRA is required when you use the NAP IPsec enforcement method.
NAP step-by-step guides show you how to set up a test lab to deploy one of the NAP enforcement methods.
Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab
Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab
Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab
Step-by-Step Guide: Demonstrate DHCP NAP Enforcement in a Test Lab
The Network Access Protection Design Guide answers the “What,” “Why,” and “When” questions a deployment design team might ask before deploying NAP in a production environment.
The Network Access Protection Deployment Guide is a procedural document that provides steps for installing and configuring NAP. It answers the “How” questions a deployment team might ask before implementing a NAP design.
The NAP Operations Guide provides the information you need for optimal, trouble-free, day-to-day operations of a NAP deployment.
This content is not yet available.
In addition to documenting the tools and credentials required to complete tasks and procedures, the Network Access Protection Troubleshooting Guide also provides help for troubleshooting problems quickly.