Longhorn:: 10 Reasons to look at Windows Longhorn Part 6: Network Access Protection


Network Access Protection provides limited access enforcement components for the following technologies:

  • Internet Protocol security (IPsec)
  • IEEE 802.1x authenticated network connections
  • Dynamic Host Configuration Protocol
  • Virtual private networks (VPN)
Administrators can use these technologies separately or together to limit noncompliant computers.


How NAP works:


1. Client requests access to network and presents current health status

2. DHCP, VPN or Switch Router relays health status to Microsoft’s Network Policy Server

3. The Network Policy Server validates this against IT-defined health policies

4. If the machine is policy compliant, it’s given immediate access to the corporate network

5. If the machine is not policy compliant, it is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures, etc. Repeat 1-3.

On the Network Policy Server (NPS), administrators set the policy against which computer compliance will be measured before granting connecting computers access to the network. On the image below you can see which protection you can select onto the NAP protected client. For example you could decide that the client computer needs a firewall enabled, Antivirus enabled and up to date, Spyware protection enabled and up to date and if your client computer is updated through the WSus server we can enforce that the updates must be applied.

NAP Scenarios:

  • Check the health and status of roaming laptops

  • Ensure the health of desktop computers

  • Determine the health of visiting laptops

  • Verify the compliance and health of unmanaged home computers


Network Access Protection is not designed to secure a network from malicious users. It is designed to help administrators maintain the health of the computers on the network.



Previous Posts in this series:

Part 5: Server Core

Part 4: Server Hardening

Part 3: Internet Information Services 7.0

Part 2: Windows PowerShell

Part 1: Server Management Improvements

Comments (4)

  1. Anonymous says:

    I’ve been speedlinking some interesting Network Access Protection links in the past (which you can find

  2. Anonymous says:

    It has been quite a while now since I wrote part 8 of this series. I must admit I tried to start this

  3. Anonymous says:

    In part 5 of this series I talked about the server core and which impact it can have when we look at

  4. Anonymous says:

    This is the last post in my 10 reasons series, to conclude this series we will look at the improvements

Skip to main content