Q. What does a client need to enable network access protection (NAP)?

A. NAP support is built into Windows Vista, Server 2008 and Windows XP SP3, but is disabled by default.

For a client to participate in NAP, you must set the NAP Agent service (Napagent) to start automatically. You also need to enable the NAP enforcement clients you must use. You can manually enable the NAP Enforcement clients with the Napclcfg.msc utility.

Then the client will be ready for core NAP functionality. Depending on which System Health Validators (SHVs) are used in the health policies, the client System Health Agents (SHAs) may need different operating system components. For example, if you use the Microsoft-provided Windows Security Health Validator, you must configure the client to always run Security Center so the client-side SHA can get its information. Configure the client to run Security Center through the Computer Configuration. Select Administrative Templates, then Windows Components. Next find Security Center, and turn it on.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.