The new Network Access Protection (NAP) platform built into Windows Vista, Windows Server 2008, and Windows XP SP3 helps protect your private intranet by enforcing compliance with computer health requirements. Key components of NAP are NAP clients, NAP enforcement points, and NAP health policy servers.
A NAP client is a computer that can provide health status information for system health evaluation. A NAP enforcement point is a computer or network access device that uses NAP or can be used with NAP to require the evaluation of a NAP client's health state and provide restricted network access or communication. A NAP health policy server is a computer running Windows Server® 2008 and the Network Policy Server (NPS) service, which stores health requirement policies and performs health evaluations of NAP clients. The NAP health policy server and NAP enforcement points exchange system health information and restricted access instructions using Remote Authentication Dial-In User Service (RADIUS) server and proxy messages.
In this column, I describe the components of a health requirement policy, how the NPS service processes incoming requests for NAP evaluation, and how to troubleshoot the most common issues with NAP enforcement.