Configure NAP Enforcement Clients
Applies To: Windows Server 2008, Windows Server 2012
You can use the NAP Client Configuration snap-in to enable, disable, add, and delete Network Access Protection (NAP) enforcement clients. A NAP enforcement client is responsible for requesting access to a network, communicating a client computer's health status to the NAP server that is authorizing the network access, and communicating the connection status of the client computer to other components of the NAP client architecture.
In this version of Windows, there are five built-in enforcement clients corresponding to the following network access mechanisms:
| Enforcement client | Description |
|---|---|
Dynamic Host Configuration Protocol (DHCP) |
Enforces health policies when a client computer attempts to obtain an IP address from a DHCP server. |
Extensible Authentication Protocol (EAP) |
Enforces health policies when a client computer attempts to access a network through an 802.1X wireless connection or an authenticating switch connection. |
Remote access |
Enforces health policies when a client computer attempts to gain access to the network through a virtual private network (VPN) connection. |
Internet Protocol security (IPsec) |
Enforces health policies when a client computer attempts to communicate with another computer using IPsec. |
Terminal Services Gateway (TS Gateway) |
Enforces health policies on a computer attempting to access a terminal server. |
In addition to the built-in enforcement clients, there might also be one or more additional enforcement clients present on a client computer. You can also use the NAP Client Configuration snap-in to enable, disable, add, and delete enforcement clients that are not provided with the operating system.
When to perform this task
To implement NAP in your organization, you must enable at least one NAP enforcement client on client computers. You might also need to enable additional enforcement clients as your network health requirements change and you want to enforce health policies through other network access mechanisms.
You might need to disable enforcement clients when you are troubleshooting network access problems or when your health requirements change and you want to enforce health policies by using other enforcement clients.
You might need to add or remove enforcement clients when you install or uninstall Microsoft enforcement clients.
To complete this task, perform the following procedures:
Enable and Disable the DHCP Enforcement Client
Enable and Disable the Remote Access Enforcement Client
Enable and Disable the IPsec Enforcement Client
Enable and Disable the EAP Enforcement Client
Enable and Disable the TS Gateway Enforcement Client