When a NAP client attempts to connect to the network, the client's health state is validated against the health requirement policies defined in the Network Policy Server (NPS).
If a client is not compliant with the defined health policies, the administrator can choose to limit the client's access to a restricted network. This restricted network ideally contains health update resources for the client to gain compliance. In this limited access environment, only clients that comply with the health requirement policies are allowed unlimited access to the network. However, the administrator can also define exceptions.
The administrator can choose to configure a monitoring-only environment where the noncompliant client can still be granted full network access. In this environment, the compliant state for each client is logged.
The administrator can also choose to automatically update noncompliant clients with missing software updates to help ensure compliance. In a limited access environment, noncompliant clients will have restricted network access until the updates and configuration changes are completed. In a monitoring-only environment, noncompliant clients will have full access to the network before they are updated with the required changes.
With all these options available, administrators can configure a solution that is best tailored to the needs of their networks.
The Microsoft literature contains important information about NAP that the user should read to better understand this platform. For the latest information, refer to the Network Access Protection (Microsoft TechNet) at http://technet.microsoft.com/en-us/network/bb545879.