You are an Enterprise administrator for contoso.com. The corporate network of the company consists of a single Active Directory domain. The functional level of the domain is Windows Server 2008. All the domain controllers on the domain run Windows Server 2008 and all client computers run Windows Vista.
Which of the following options would you choose to plan a network access solution that ensures that only client computers that have the most up-to-date service packs are granted general network access and that all noncompliant client computers are redirected to a specific Web site?
A. Use Windows Server Update Service (WSUS)
B. Use Active Directory Rights Management Services (AD RMS)
C. Use Domain Isolation
D. Use Network Access Protection (NAP)
E. None of the above
Explanation:
To plan a network access solution that ensures that only client computers that have the most up-to-date service packs are granted general network access and that all noncompliant client computers are redirected to a specific Web site, you need to implement Network Access Protection (NAP).
Network Access Protection (NAP) is one of the most desired and highly anticipated features of Windows Server 2008. NAP is a new platform and solution that controls access to network resources based on a client computer’s identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.
With 802.1X enforcement, a computer must be compliant to obtain unlimited network access through an 802.1X-authenticated network connection. Administrators can create solutions for validating computers that connect to or communicate on their networks, provide needed updates or access to needed resources, and limit the network access of computers that are noncompliant. The validation and enforcement features of NAP can be integrated with software from other vendors or with custom programs.
Note: NAP is not designed to protect a private network from malicious users. It is designed to help administrators maintain the system health of the computers on a private network. NAP is used in conjunction with authentication and authorization of network access, such as using IEEE 802.1X for wireless access.
Reference: Network Access Protection Platform Overview http://technet.microsoft.com/hi-in/library/bb878083(en-us).aspx
Reference: Security and Policy Enforcement http://www.microsoft.com/windowsserver2008/en/us/security-policy.aspx