Advanced Deployment for DirectAccess with NAP
Published: March 25, 2010
Updated: October 1, 2010
Applies To: Windows Server 2008 R2
Advanced deployment for the DirectAccess with Network Access Protection (NAP) solution consists of automating operational tasks and using system information streams for operational and business intelligence.
Because the DirectAccess client receives NAP and DirectAccess client settings through the NAP and DirectAccess client Group Policy objects (GPOs) through its membership in a DirectAccess client security group, you can simplify the ongoing operational tasks of granting and revoking DirectAccess to computer accounts by automating the management of the DirectAccess client security group membership with scripts or custom programs.
The system information streams for operational and business intelligence for the DirectAccess with NAP solution are the following:
NPS Accounting data stored as log files or logged directly to a NPS SQL Server Logging
NPS and Health Registration Authority (HRA) events in the Windows event log
By analyzing these information streams, you can determine:
The frequency of health checks by DirectAccess clients
How many of them are compliant and noncompliant with system health requirements
The types of problems that require health remediation
You can also use performance monitoring on the DirectAccess server, certification authorities (CAs), network location servers, HRAs, remediation servers, and NAP health policy servers to determine when to add or reduce capacity.