Posted By: Adam Bomb | Mar 4th @ 12:01 AM
If you've seen NAP demo'd in the past year or so, chances are the demo showed NAP in conjunction with the Windows Security Center, since by default that's the System Health Agent (SHA) included with Vista. NAP has an extendable architecture, which allows other providers to write their own SHAs so that NAP works with other products as well.
In this 9-minute demo, Jeff Sigman from the NAP team shows NAP working with Forefront Client Security (FCS) for enforcement and remediation. In his own words:

I recorded a video earlier today because of how excited I was to show off the latest development in the world of NAP. The NAP team has worked directly with the Solutions Accelerators team as well as the Forefront team to bring you integration between NAP and Forefront Client Security (FCS) 1.0. Once released, it will be a free download through the Solutions Accelerators TechNet site.

Thanks for getting this posted, Adam. I am super excited to give a sneak peek of Forefront's tight integration with NAP.

Please feel free to post any questions here and I will do my best to get them answered!

Jeff Sigman
Senior Program Manager

Network Access Protection (NAP)

 

Please check out the NAP Blog, FAQ, Forum, MSDN, Site and even my Personal Blog.

Great video, Jeff! It was quite informative and something I'd wanted to see for quite some time. I am curious about one thing though:

How are health policies applied when assessing machines connected via a VPN? I know Microsoft has taken GPO processing out of the Winlogon process and is now relying on NLA to make the determination as to what policies to apply. Does NAP leverage the same model when remediating remote clients? Thanks!

+Josh (Wa)

This is very cool, especially the auto remediation for people who do not know what they have to do to get their PC back in policy...

Thanks Josh! :->

Great question about VPN. NAP supports VPN in XP and Vista (as the client) and the server is built-in to Server 2008.

The great thing about NAP/VPN is it is applied on a per-connection basis at the server itself. This means, when you VPN in your “compliance” is checked right away. Until you are “compliant”, your connection is limited at the VPN server. As soon as the client matches policy the restrictions are lifted at the VPN server and the end-user may not even have noticed his connection was limited.

Let me know if I can further clarify anything.

- Jeff

Exactly Neil. The idea is to fix people up and hopefully they never even knew we were working on their machine (making it compliant). Bottom-line is NAP does not want to generate helpdesk calls. :->

- Jeff

How can this help me detect if wireless cards are active on any wired host or otherwise detect all wireless NICs that are directly connected to my Ethernet?  That would be a boon feature, if even only limited to detecting docked Windows laptops with active/bridged wireless adapters.

Thanks,

JR

PS Great vids on the NAP topic.