Enforcing NAP (Exam 70-264) -- Microsoft Certified Professional Magazine Online

Enforcing NAP (Exam 70-264)

By Andy Barkl
11/10/2008

Which of the following are valid methods of NAP enforcement to control access to the network for healthy and unhealthy clients in Windows 2008? (Choose all correct answers.)

DHCP for address lease or renewal.
IPSec for secure, boundary, and restricted network access.
RRAS for VPN remote access.
802.1x control for restricted or unrestricted VLAN access.

Trick question, as all answers are correct. Windows 2008 NAP enforcement options include DHCP, VPN, 802.1x, and IPSec to allow healthy clients full network access but unhealthy clients limited or no access.

NAP healthy and unhealthy clients are defined by configuring NAP System Health Validators placed on the NPS.

SHVs are set by IT administrators and placed on system health servers. Clients requesting network access provide their statement of health to network access devices which are forwarded to the IAS policy server. It compares the SoH against the defined SHV and notifies the NAD whether to allow the client full or restricted access. If the client is deemed unhealthy it is referred to the fix-up servers for virus, malware, or firewall remediation.

About the Author

Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA has been studying technology for 30 years. Of the last 15 years, he has spent much of his time parting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz. where he has lived most of his life. He can be reached by e-mail at [email protected].