1.2.5 Terminal Services Networks
The following diagram shows how NAP is deployed with Remote Desktop networks.

Figure 8: NAP deployment with Remote Desktop networks
A Remote Desktop Gateway client (RDG client) can have its access to a remote desktop authorized by a Remote Desktop gateway [MS-TSGU]. NAP can use the Remote Desktop Gateway Server Protocol's authentication and authorization protocol phases for the evaluation of the client's SoH. The SoH request and SoHR are transported over the Remote Desktop Gateway Server Protocol. The Remote Desktop gateway then communicates with an NPS to evaluate the client's health. This gateway uses the response from the NPS to either grant or deny access, and it can also direct the client to a set of remediation servers to fix software configuration, virus signatures, and so on.