Network Access Protection (NAP) Client
Applies To: Windows Server 2008
The Network Access Protection (NAP) client allows a Windows-based computer to participate as a client in the NAP infrastructure. The NAP client includes some core platform components; other components can be installed to provide additional features and functionality. By default, the NAP client includes the following components:
- NAP agent
- Windows Security Health Agent
- NAP enforcement clients for the following types of network access and communication methods:
- Internet Protocol security (IPsec)-protected communications
- 802.1X-authenticated connections
- Virtual private network (VPN) connections
- Dynamic Host Configuration Protocol (DHCP) configuration
- Terminal Services Gateway (TS Gateway) connections
Managed Entities
The following is a list of the managed entities that are included in this managed entity:
Name | Description |
---|---|
The Network Access Protection (NAP) Agent is the primary service that allows a computer to function as a NAP client. The NAP Agent service is responsible for gathering client health data from the installed system health agents (SHAs) and forwarding that information to NAP enforcement clients for evaluation. |
|
Windows Security Health Agent (WSHA) is included with the Network Access Protection (NAP) client on computers running Windows Vista or Windows XP with Service Pack 3 (SP3). The WSHA is used to monitor the state of Windows Security Center and report this information to the NAP Agent service for inclusion in the client's statement of health (SoH). |
|
Network Access Protection (NAP) supports Internet Protocol security (IPsec) policies as a means of enforcing computer compliance with network health requirements. IPsec policies can be created to require that incoming network connections are accepted only from computers with a valid health certificate. These health certificates are managed by the IPsec enforcement client. The IPsec enforcement client requests a health certificate for the client computer if the client meets network health requirements; it removes the health certificate upon the expiration of its validity period, or if the client becomes noncompliant with network health requirements. Note: The IPsec enforcement client is called the IPsec Relying Party in the NAP client configuration console and Netsh nap client context. |