karl
Sat Sep 02 09:24:59 CDT 2006
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:edlXI3hzGHA.4308@TK2MSFTNGP03.phx.gbl...
> NAP = network access protection
> There is an initial release from Microsoft with W2k3 R2, and
> published info on the evolution of this with future release.
> Third parties, specifically the main networking players, would be
> glad to also sell you the needed.
>
> Basically, clients are shunted onto a limited vlan until they have
> submitted to and passed scripted examination (failing which they
> can get to the needed installables).
Unless I'm mistaken, NAP only works for DHCP clients that are Windows XP and
newer? And the fully functional release won't be until the OS after Vista
is released some years from now. I would have to recommend you look into
similar NAC (Network Admission Control) offerings from Cisco, Enterasys,
Juniper or others. I believe Cisco requires you to have all Cisco 802.1x
switches, whereas the Enterasys solution works with switches from multiple
vendors. In most implementations, 802.1x switches are used with a central
RADIUS server and third-party antivirus and patch management servers that
are accessible from an isolated VLAN. I don't know whether any of these
solutions fit into your budget or not.
--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info