Advanced Deployment for DirectAccess with NAP

Updated: October 1, 2010

Applies To: Windows Server 2008 R2

Advanced deployment for the DirectAccess with Network Access Protection (NAP) solution consists of automating operational tasks and using system information streams for operational and business intelligence.

Automating operational tasks

Because the DirectAccess client receives NAP and DirectAccess client settings through the NAP and DirectAccess client Group Policy objects (GPOs) through its membership in a DirectAccess client security group, you can simplify the ongoing operational tasks of granting and revoking DirectAccess to computer accounts by automating the management of the DirectAccess client security group membership with scripts or custom programs.

Using system information streams for operational and business intelligence

The system information streams for operational and business intelligence for the DirectAccess with NAP solution are the following:

• NPS Accounting data stored as log files or logged directly to a NPS SQL Server Logging

• NPS and Health Registration Authority (HRA) events in the Windows event log

By analyzing these information streams, you can determine:

• The frequency of health checks by DirectAccess clients

• How many of them are compliant and noncompliant with system health requirements

• The types of problems that require health remediation

You can also use performance monitoring on the DirectAccess server, certification authorities (CAs), network location servers, HRAs, remediation servers, and NAP health policy servers to determine when to add or reduce capacity.