When a NAP client attempts to connect to the network, the
client's health state is validated against the health requirement policies
defined in the Network Policy Server (NPS).
If a client is not compliant with the defined health policies, the
administrator can choose to limit the client's access to a restricted
network. This restricted network ideally contains health update resources for
the client to gain compliance. In this limited access environment, only clients
that comply with the health requirement policies are allowed unlimited access
to the network. However, the administrator can also define exceptions.
The administrator can choose to configure a monitoring-only
environment where the noncompliant client can still be granted full network
access. In this environment, the compliant state for each client is logged.
The administrator can also choose to automatically update noncompliant
clients with missing software updates to help ensure compliance. In a limited
access environment, noncompliant clients will have restricted network access
until the updates and configuration changes are completed. In a monitoring-only
environment, noncompliant clients will have full access to the network before
they are updated with the required changes.
With all these options available, administrators can configure a
solution that is best tailored to the needs of their networks.
The Microsoft literature contains important information about NAP
that the user should read to better understand this platform. For the latest
information, refer to the Network Access Protection (Microsoft TechNet) at