Tim, the extreme general position you are advocating - to heavily favor user productivity over network security in setting an organization's security policies for employees/students is incomprehensible - as it is both unwise and unnecessary. Read my article "Balancing Network Security And the User Experience" to better understand the more reasonable and comprehensive set of policy trade-offs available with leading NAC products (http://www.secureaccesscentral.com/breakaway/news_mar2007.php).
Would you recommend that investors buy and hold stocks for only one day - once every 30 days - in order to generate a "rational" risk-adjusted return on their money?
NAC scanning performance and NAC policies should minimize or eliminate user wait times. And remediation policies should never be simply binary.
And computers used by regular employees should never be viewed as materially more "safe" than visitors. There is simply no objective basis for this view.
Dana Hendrickson, Publisher, Secure Access Central.
