Last fall, I wrote a TechRepublic series on Microsoft's network access protection (NAP or MS-NAP) implementation with the coming release of Windows Server 2008. The Vista client natively supports the MS-NAP implementation while Windows XP needed SP3 to advance to participation status. Windows XP service pack 3 is in the release candidate 2 phase currently. Like most modern Microsoft updates, SP3 includes new functionality to XP. This is a welcome advance given the current adoption level of Windows Vista in enterprise computing environments.
The MS-NAP implementation measures system health on Windows XP clients by interacting with an enforcement policy that is controlled by the network policy server or NPS in your Active Directory environment. The Windows XP health checks are not as in depth as those available to Windows Vista clients; anti-spyware awareness is only available on Vista for example. The NPS has the following System Health Validators for XP that become aware on Windows XP SP3:
MS-NAP XP Configuration
While most enterprises would likely not look to a Microsoft for a NAP solution, the small business may find great success with MS-NAP. Setting up a NAP policy is quick and easy, and provides the base functionality that would be adequate for most installations. Adequate reading is due if you are considering the MS-NAP implementation because there are many roles that may or may not be required in every situation.
Windows XP SP3 is in the release candidate stage and should not be used for a live installation, but this would be a good time to plan a NAP implementation with Windows Server 2008 NPS should MS-NAP be a valid option for protecting the network entry points.