Network Access Protection Deployment Guide

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Network Access Protection (NAP) is one of the most anticipated features of the Windows Server® 2008 operating system. NAP is a new platform that allows network administrators to specify levels of network access based on a client’s identity, the groups to which the client belongs, and the degree to which the client complies with corporate governance policy. If a client is not compliant, NAP provides a mechanism for automatically bringing the client into compliance (a process known as remediation) and then dynamically increasing its level of network access.

NAP is an extensible platform that provides infrastructure components and an application programming interface (API) for adding components that verify and remediate a computer’s health and enforce various types of network access or communication. NAP is supported by Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista®, and Windows® XP with Service Pack 3 (SP3).

About this guide

This guide is intended for use by system administrators and system engineers. It provides detailed guidance for deploying a NAP design that has been preselected by you or an infrastructure specialist or system architect in your organization. If your organization has not yet selected a design, see the Network Access Protection Design Guide. You can then use this guide to deploy NAP in your production environment.

This guide provides steps for deploying the following primary NAP designs:

  • NAP with IPsec enforcement

  • NAP with 802.1X enforcement

  • NAP with VPN enforcement

  • NAP with DHCP enforcement

  • NAP-NAC enforcement

Note

The Terminal Services Gateway (TS Gateway) enforcement method is not discussed in this guide. For more information, see TS Gateway Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkID=167919).

Use the checklists in Implementing Your NAP Design Plan to determine how best to use the instructions in this guide to deploy your particular design. For information about hardware and software requirements for deploying NAP, see Appendix A: NAP Requirements in the Network Access Protection Design Guide.

Terminology used in this guide

For a list of NAP-related terms, see NAP Terminology.

See Also

Concepts

Planning a NAP Deployment Strategy
Planning Your NAP Deployment
Implementing Your NAP Design Plan