Network Access Quarantine Control and NAP

Article
07/03/2012

Applies To: Windows Server 2008

Network Access Quarantine Control and NAP

Network Access Quarantine Control (NAQC) allows you to verify the configuration of client computers that are connecting to a server running Routing and Remote Access only at the moment when the access client is connecting to the network. The configuration of the client computer is verified by a script created by your organization administrator.

Network Access Protection (NAP) is a client health policy creation, enforcement, and remediation technology that is included in Windows Vista® and Windows Server® 2008. With NAP, you can establish health policies that define such things as software requirements, security update requirements, and required configuration settings for computers that connect to your network. The use of NAP rather than NAQC is recommended.

Important

If you deploy both NAP and NAQC on your network, you must create separate network policies. If you configure one network policy with both NAP settings and NAQC attributes, such as a Quarantine IP Filter and a Quarantine Session Timer, NPS applies NAQC settings rather than NAP settings.

The following table lists the differences between NAP and NAQC.

Feature	Available with NAP?	Available with NAQC?
Can deploy with VPN (Routing and Remote Access)	Yes	Yes
Can deploy with Internet Protocol security (IPsec) and Health Registration Authority (HRA)	Yes	No
Can deploy with 802.1X wired and wireless	Yes	No
Can deploy with Terminal Services Gateway (TS Gateway)	Yes	No
Can deploy with DHCP	Yes	No
Provides ongoing monitoring of client computer	Yes	No; client configuration is checked once, when client attempts network access
Provides integrated automatic remediation of noncompliant computers	Yes	No
Requires administrator to write script to check client configuration	No	Yes

Network Access Quarantine Control and NAP

Network Access Quarantine Control and NAP

See Also

Concepts

Additional resources