NAP Ready For Its Awakening

Microsoft's NAP (Network Access Protection) has been a long time coming for those of us working in the security industry. The first real evidence of NAP was the NAP client shipped in Vista and in Windows XP's SP2 (correction XP SP3) update. The server component for actually applying policies and managing enforcement required the then dubbed Longhorn release, which we now know as Windows Server 2008.

My interest was peaked again this week when Jeff Wettlaufer, Sr. Technical Product Manager of Microsoft's System Center Configuration Manager, put up a blog post about SCCM's role in the Microsoft NAP process. You almost hear the excitement in Jeff's voice when reading his blog post about the launch of Windows Server 2008.

Jeff has agreed to join me on a future episode of the Converging On Microsoft Podcast which will probably air around the time of Windows Server 2008 launch on February 27th. I've also asked my friend Amith Krishnan, Sr. Product Manager of Microsoft's NAP, to join me on a podcast too, so hopefully he'll be on to give us the skinny on all the NAP capabilities available with Windows Server 2008. Amith previously appeared on episode 42 my personal SSAATY Podcast.

As a lead up to NAP's availability in Server 2008, I thought I'd supply a few overviews on what NAP is and how it works. Here's an excerpt from Jeff's blog post describing a scenario using NAP.

A typical scenario could be this. Microsoft releases the standard patch Tuesday round of updates, and Woodgrove Bank (our fictitious company we use as an archetype in our demos) brings these into their environment, tests and releases these. Through the release process, these updates can actually be given a window of time where they are made available, both to network clients, (online and WoL) as well as Internet Based Clients (yup we do that now). But, the Woodgrove bank also has a security policy that updates must be enforced, so part of our release of updates could include NAP evaluation after a certain date. So, for example, we make the update available for say 2 weeks, but after that, we will NAP enforce the presence of that update on clients.

And here's a video demonstration.

 Video: Configuration Manager Network Access Protection 

Like this? Here are some of Mitchell's recent posts.

Vista Starter - The Easy Button For Vista

vLite Puts Vista On Diet

Comic Strip About IT Heroes

Controlling Upgrades A Thing Of The Past?

SQL Server 2008, er...2009?

Check out Mitchell's Converging On Microsoft Podcast. Also visit Mitchell's personal blog The Converging Network and SSAATY Podcast. Visit Microsoft Subnet for more news, blogs, opinion from around the Web. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)