Network Access Protection

Network Access Protection (NAP) is a Microsoft technology for controlling network access of a computer, based on its health. With NAP, system administrators of an organization can define policies for system health requirements. Examples of system health requirements are whether the computer has the most recent operating system updates installed, whether the computer has the latest version of the anti-virus software signature, or whether the computer has a host-based firewall installed and enabled. Computers with a NAP client will have their health status evaluated upon establishing a network connection. NAP can restrict or deny network access to the computers that are not in compliance with the defined health requirements. Network Access Protection (NAP) is a Microsoft technology for controlling network access of a computer, based on its health. With NAP, system administrators of an organization can define policies for system health requirements. Examples of system health requirements are whether the computer has the most recent operating system updates installed, whether the computer has the latest version of the anti-virus software signature, or whether the computer has a host-based firewall installed and enabled. Computers with a NAP client will have their health status evaluated upon establishing a network connection. NAP can restrict or deny network access to the computers that are not in compliance with the defined health requirements. NAP was deprecated in Windows Server 2012 R2 and removed from Windows Server 2016. Network Access Protection Client Agent makes it possible for clients that support NAP to evaluate software updates for their statement of health. NAP clients are computers that report their system health to a NAP enforcement point. A NAP enforcement point is a computer or device that can evaluate a NAP client’s health and optionally restrict network communications. NAP enforcement points can be IEEE 802.1X-capable switches or VPN servers, DHCP servers, or Health Registration Authorities (HRAs) that run Windows Server 2008 or later. The NAP health policy server is a computer running the Network Policy Server (NPS) service in Windows Server 2008 or later that stores health requirement policies and provides health evaluation for NAP clients. Health requirement policies are configured by administrators. They define criteria that clients must meet before they are allowed undeterred connection; these criteria may include the version of the operating system, a personal firewall, or an up-to-date antivirus program. When a NAP-capable client computer contacts a NAP enforcement point, it submits its current health state. The NAP enforcement point sends the NAP client’s health state to the NAP health policy server for evaluation using the RADIUS protocol. The NAP health policy server can also act as a RADIUS-based authentication server for the NAP client.