NAP is a good foundation for policy-based network access control, but lacks granular controls and easy management
NAP requires the setup of multiple databases for administration and management of the overall system, one of which is the logging database. Prior to Windows Server 2008 R2, the logging database required extensive SQL-based configuration. This setup has been automated in R2, completely relieving the administrator of an onerous task.
Similarly, prior to R2, Windows Server 2008 provided only one SHV configuration, meaning that wholesale changes to the system health requirements had to be made universally. Now you can apply different policies based on a specific configuration of the SHV. For example, systems internal to your network may require that only the anti-virus component is current, while systems connected via VPN may require both anti-virus and antispyware be active.
In addition, when used with Windows 7, R2 provides a streamlined remote access facility, simplifying remote connectivity and securing Remote Workspace, Presentation Virtualization, and Remote Desktop Services Gateway sessions.
NAP in the lab
As for previous reviews (see "NAC smorgasbord: Four ways to police the nework" and "Sophos NAC is a good start"), we examined NAP's ability to handle typical scenarios, including guest access, rogue devices, and non-Windows devices. We also examined the enforcement methods available natively with NAP. We installed Windows Server 2008 as the network core and configured both Windows Vista and Windows XP SP3 devices on the network. Our network also included a Mac OS X client and a printer, though NAP does nothing with non-Windows devices. It only tests the posture, or "health status," of Windows systems.
While configuring NAP was straightforward, it was also complex, requiring a long list of supporting services to be installed and configured. Even my simple deployment required several hours to configure, due to the prerequisites for 802.1X on Windows Server 2008, including the RADIUS server, certificates, and the enforcement clients.
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
An unlikely combination of two Windows updates can reduce scan times from hours to minutes
With myriad problems now evident, it may be best to skip the Anniversary Update for now
This ridiculous feature is a major vulnerability. If you're forced to use it, here's how to make it...
Apple's WatchOS took unique approaches to app interactions, forcing users to learn something new....
Cloud vendors want you to pair the private cloud with the public cloud, but savvy IT pros have...
GitHub Load Balancer was originally created to handle Git's billions of daily connections ...