Although Windows Vista and Windows Server 2008 includes a Network Access Protection (NAP) client out of the box, not so for Windows XP. Previously, you had to install a separate client (the Network Access Protection (NAP) Client for Windows XP), which was supported with Windows XP SP2. This XP NAP client has been in beta for some time, and very successful, so I was thrilled to hear from the Windows NAP PM (Jeff Sigman) that it’s now officially released – but not as a separate downloadable client. It’s actually rolled into Windows XP SP3. With all the other enhancements and updates in the service pack, this helps to simplify and justify the upgrade.
This is excellent news for customers. However, it does have a short term impact on Configuration Manager and our documentation.
The Network Access Protection reports and NAP client status in Configuration Manager helps you to identify which computers support NAP, and which computers could support NAP if they are upgraded:
- The Network Access Protection report List of computers that can be upgraded to support NAP lists computers running Windows XP SP2. These computers do support an upgrade to SP3, but so do computers running Windows XP SP1. To identify computers running Windows XP SP1 because you want to upgrade them to SP3, you can run the following query:
Select disc.Netbios_Name0, assi.SMS_Assigned_Sites0, disc.Client_Version0 from v_R_System disc left join v_RA_System_SMSAssignedSites assi on disc.ResourceID=assi.ResourceID left join v_GS_OPERATING_SYSTEM inv on disc.ResourceID=inv.ResourceID where inv.BuildNumber0 = '2600' and inv.CSDVersion0 like '%Service Pack 1%'
- The Network Access Protection report List of NAP-capable and NAP-upgradable computers lists as “NAP-capable” computers running Windows Vista and Windows Server 2008, but it doesn’t currently list computers running Windows XP SP3. To find computers running Windows XP Service Pack 3, you can run the following query:
Select disc.Netbios_Name0, assi.SMS_Assigned_Sites0, disc.Client_Version0 from v_R_System disc left join v_RA_System_SMSAssignedSites assi on disc.ResourceID=assi.ResourceID left join v_GS_OPERATING_SYSTEM inv on disc.ResourceID=inv.ResourceID where inv.BuildNumber0 = '2600' and inv.CSDVersion0 like '%Service Pack 3%'
The Network Access Protection home page displays the number of NAP computers for the site. This number will remain correct because it references the NAP agent namespace on the computers rather than using the operating system details.
Thank you to our NAP developer, Sangeetha Visweswaran, for researching this and testing the queries.
Now that the NAP XP client is included with the operating system rather than a separate downloadable client, the concept of “NAP-upgradable” is less helpful, so you are likely to see references to this disappearing in future releases of the product. For example, you could also upgrade Windows XP to Windows Vista in order to support NAP, or upgrade Windows Server 2003 to Windows Server 2008 in order to support NAP. The term “NAP-capable” in the glossary will be revised to remove the reference to the separate client on Windows XP SP2.
The documentation that accompanies the Release Candidate for Configuration Manager 2007 Service Pack 1 still references the separate Network Access Protection (NAP) Client for Windows XP that can be downloaded and installed through software distribution for computers running Windows XP SP2. This will be corrected for the official release version (RTM) that will also be published on the Web as an update to the Configuration Manager documentation library. The key topics changed for this revision will be listed as a significant technical change in the topic “What's New in the Configuration Manager Documentation Library for May 2008.”
The next update of the quizzes will also revise the references to supporting NAP on Windows XP.
The Windows XP Service Pack 3 is due to be made available on the Microsoft Download Center and through Windows Update on 4/29. For more information:
From the Windows NAP blog: XP NAP Client RTMs!!!
This posting is provided AS IS with no warranties and confers no rights.