1.3 Overview

Network Access Protection (NAP) is a platform that controls access to network resources, based on a client computer's identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access, based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. Based on the degree of compliance, NAP can implement different enforcement methods that can restrict or limit client access to the network. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then to dynamically increase its level of network access. The NAP architecture is specified in [MS-NAPOD].

The behavior of NAP can be controlled through Group Policy by updating the client registry, as specified in [MS-GPOL] and in [MS-GPREG]. This mechanism can be used by an administrator to enable or disable NAP enforcement, to set Health Registration Authorities (HRAs) to be used by the client, and to control client user interface and tracing. All NAP group policies are machine-specific, meaning that the same policy is applied to all users on a given machine.