Use of NAC at Columbia University Medical Center in New York City revealed that slightly more than half the machines using the network flunked endpoint checks.

As part of the school’s pilot of Bradford Networks’ NAC gear, machines were scanned as they tried to gain network access during the 2007 summer session, according to a recent presentation by the company at Network World’s IT Roadmap event in Washington, D.C.

The equipment found that 53% of the machines either lacked operating system patches or virus updates that were required for any machine joining the network.

This finding points out the importance of running trials before turning on NAC devices. Many network executives have endpoint configuration policies in place, and may even use automated update platforms to keep them in compliance, but compliance may be dismal nevertheless.

Some early adopters have reported that they turned NAC on without first running it in monitoring mode and had a horrible surprise. And so did their end users. Machines out of compliance were rejected, so many that the company help desk was swamped with complaints from users denied network access.

Running NAC in monitoring mode, identifying the scope of the problem and remediating it before initially turning on the devices in enforcement mode can save these headaches, particularly if the NAC gear doesn’t automatically direct users to remediation.

To view presentations from the Network World IT Roadmap event, go here, you’ll have to create an account with a user name and password. There’s no questionnaire, so it’s pretty fast. Then choose Washington, D.C. from the dropdown menu.

Tim Greene is senior editor at Network World.