Using Network Access Quarantine Control

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Network Access Quarantine Control provides phased network access for client computers that connect to the network by using VPN or dial-up remote access. By using connection request policies and remote access policies, you can apply the MS-Quarantine-IPFilter attribute, the MS-Quarantine-Session-Timeout attribute, or both attributes to restrict clients to quarantine mode. During quarantine mode, an administrator-provided network policy requirements script is run on the client computer. After the client computer configuration is either brought into or determined to be in accordance with your organization’s network policy, quarantine mode is removed by the network access server, and standard remote access policy is applied to the connection.

You can implement Network Access Quarantine Control with one or more servers running Windows Server 2003 and the Routing and Remote Access service, one or more servers running Windows Server 2003 and IAS, a Connection Manager (CM) profile created with Connection Manager Administration Kit (CMAK), an administrator-provided script, and two additional components: the notifier component and the listener component. You can create your own notifier and listener components, or you can use Rqs.exe (a listener component) and Rqc.exe (a notifier component), which are available in the Windows Deployment and Resource Kits.
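The following is an added illustration, not Microsoft code and not the implementation of Rqs.exe or Rqc.exe: a small Python model of the quarantine lifecycle described above, seen from the network access server. The filter range, timeout value, script version strings and all class and method names are assumptions made for the example, as is the idea that the notifier reports a version string that the listener checks against an allowed set.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample policy values; none of these come from the original page.
QUARANTINE_FILTER = [ip_network("10.0.5.0/28")]  # stands in for MS-Quarantine-IPFilter
SESSION_TIMEOUT = 120                            # stands in for MS-Quarantine-Session-Timeout (seconds)
ALLOWED_SCRIPT_VERSIONS = {"PolicyCheck-v3"}     # hypothetical strings the listener accepts


@dataclass
class Connection:
    """Model of one VPN or dial-up connection on the network access server."""
    started: float
    quarantined: bool = True   # every connection begins in quarantine mode
    connected: bool = True

    def tick(self, now: float) -> None:
        # Fail closed: a client that never reports compliance is dropped
        # once the quarantine session timer expires.
        if self.quarantined and now - self.started >= SESSION_TIMEOUT:
            self.connected = False

    def notify(self, script_version: str, now: float) -> bool:
        """Listener side: handle the notifier's message sent by the client script."""
        self.tick(now)
        if self.connected and script_version in ALLOWED_SCRIPT_VERSIONS:
            self.quarantined = False   # standard remote access policy applies from here
        return self.connected and not self.quarantined

    def permits(self, dst: str, now: float) -> bool:
        """Would the server forward a packet from this client to dst?"""
        self.tick(now)
        if not self.connected:
            return False
        if not self.quarantined:
            return True   # simplification: the normal policy allows everything
        # In quarantine, only the resources named by the IP filter are reachable.
        return any(ip_address(dst) in net for net in QUARANTINE_FILTER)
```

The model shows the two properties worth verifying in a real deployment: an outdated or missing script never lifts the filter, and a client that stays silent is disconnected by the timer instead of remaining connected in quarantine indefinitely.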

For more information, see "Deploying Dial-up and VPN Remote Access Servers" and "Deploying Remote Access Clients Using Connection Manager" in this book.