Windows Server 2008’s network access protection (NAP) functionality has been updated with the R2 release. I did a big series on the Microsoft NAP offering when it came out for Windows functionality, wireless NAP, Windows client usage of NAP, and enterprise NAP considerations. The R2 release of Windows Server 2008 offers the following new features for Microsoft’s NAP implementation:

  • System health validator (SHV) has been updated to support multiple configurations, referred to as multi-configuration SHV. This allows a health policy to be applied to client systems based on their connection state, with the most obvious example being VPN-connected systems receiving one policy and LAN-connected systems receiving another.
  • Windows 7 is supported for NAP configurations with the release of both Windows Server 2008 R2 and Windows 7.
  • The network policy server (NPS) introduces templates for many configuration points within NPS. These templates can also be exported and imported to other NPS servers.
  • RADIUS accounting has been improved with additional logging options for SQL Server and text logging, including centralized logging.

It is also important to note that only certain editions of Windows permit NPS functionality. Enterprise and Datacenter editions allow full NPS features, Standard edition offers a maximum of 50 RADIUS clients, and Web edition does not support NPS.

Does Microsoft’s NAP implementation make sense for most environments? Larger environments may have more success with a NAP solution from a network-centric product by Cisco or Juniper. Microsoft’s NAP solution covers all the bases and offers a lot of policy options for a relatively new offering in the market. Where does NAP fit in your environment, and is Microsoft in the mix? Share your comments below.