Overview of Network Access Protection

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

Network Access Protection (NAP) is a policy enforcement platform built into the Windows 7, Windows Vista, and Windows Server 2008 operating systems that lets you better protect network assets by enforcing compliance with system health requirements.

Configuration Manager 2007 Network Access Protection lets you include software updates in your system health requirements. Configuration Manager NAP policies define which software updates to include, and a Configuration Manager System Health Validator point passes the client's compliant or non-compliant health state to the Network Policy Server. The Network Policy Server then determines whether the client has full or restricted network access, and whether non-compliant clients will be brought into compliance through remediation.

Remediation with Configuration Manager 2007 Network Access Protection requires that the software updates feature in Configuration Manager is configured and operational so that a non-compliant computer can be automatically brought into compliance. For information about configuring software updates, see Software Updates in Configuration Manager.

For more information about Network Access Protection in Windows, see the Network Access Protection Web site (http://go.microsoft.com/fwlink/?LinkId=59125).

You can use Network Access Protection in Configuration Manager to support the following business requirements:

  • Enforce compliance of software updates as part of a phased deployment. When you have a small number of computers that have failed to install current software updates through standard mechanisms by a target date, you can use Network Access Protection policies in Configuration Manager with an effective date to configure enforced compliance for these few computers.

  • Enforce compliance of software updates as part of an expedited deployment. When you have computers that must urgently install one or more critical software updates (for example, to address a zero-day exploit), you can use Network Access Protection policies in Configuration Manager that are configured to be effective as soon as possible.

For example scenarios of how Network Access Protection can be implemented in Configuration Manager 2007 to address these requirements, see Example Scenarios for Implementing Network Access Protection in Configuration Manager.

Note

For an overview of how Network Access Protection works in Windows, see the Webcast "Introduction to Network Access Protection" (http://go.microsoft.com/fwlink/?LinkId=68775).

Click the associated link in the following section for an explanation of terms used in conjunction with this feature, and for more detailed information on how Network Access Protection works in Configuration Manager.

In This Section

See Also

Concepts

Prerequisites for Network Access Protection
Troubleshooting Network Access Protection
Network Access Protection Security Best Practices

Other Resources

Software Updates in Configuration Manager
Planning for Network Access Protection
Configuring Network Access Protection
Configuring the Network Policy Server for Configuration Manager
Technical Reference for Network Access Protection
