NAP requires the setup of multiple databases for administration and management of the overall system, one of which is the logging database. Prior to Windows Server 2008 R2, the logging database required extensive SQL-based configuration. This setup has been automated in R2, completely relieving the administrator of an onerous task.
Similarly, prior to R2, Windows Server 2008 provided only one SHV configuration, meaning that wholesale changes to the system health requirements had to be made universally. Now you can apply different policies based on a specific configuration of the SHV. For example, systems internal to your network may require that only the anti-virus component is current, while systems connected via VPN may require both anti-virus and antispyware be active.
In addition, when used with Windows 7, R2 provides a streamlined remote access facility, simplifying remote connectivity and securing Remote Workspace, Presentation Virtualization, and Remote Desktop Services Gateway sessions.
NAP in the lab
As for previous reviews (see "NAC smorgasbord: Four ways to police the nework" and "Sophos NAC is a good start"), we examined NAP's ability to handle typical scenarios, including guest access, rogue devices, and non-Windows devices. We also examined the enforcement methods available natively with NAP. We installed Windows Server 2008 as the network core and configured both Windows Vista and Windows XP SP3 devices on the network. Our network also included a Mac OS X client and a printer, though NAP does nothing with non-Windows devices. It only tests the posture, or "health status," of Windows systems.
While configuring NAP was straightforward, it was also complex, requiring a long list of supporting services to be installed and configured. Even my simple deployment required several hours to configure, due to the prerequisites for 802.1X on Windows Server 2008, including the RADIUS server, certificates, and the enforcement clients.
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Early results look promising: the many-hours-long Win7 waits may be behind us
Now that we're down to the wire, many upgraders report that the installer hangs. If this happens to...
Review: We've seen this 'one device for everything' movie before, and it ends just as badly this time
Long before self-driving cars triumph, new and enticing auto-related products will lure you into...
The newest edition of the powerful Python-to-C compilation framework adds speedups harvested from the...
For next year, the language will focus on easier use, better tooling, and improved integration with...