Network Access Protection Agent

Description:

Enables Network Access Protection (NAP) functionality on client computers.

NAP makes it possible to specify health policies, that ensures client computers doesn’t get access to the trusted network unless they satisfy the wanted security levels. This can be used for laptop computers that might have been connected to insecure hotspots or similar before connecting to the corporate network.

Note depending on which System Health Validators (SHVs) are used in the health policies, the client System Health Agents (SHAs) may need different operating system components. For example Security Center must be enabled to use Microsoft’s Windows Security Health Validator (WSHV).

Note Windows Vista/2008 includes a NAP Client Configuration MMC (napclcfg.msc), but WinXP SP3 only has the netsh tool available:

netsh nap client set enforcement ID = <id> Admin = “Enable”

Where <id> can be:

• DHCP = 79617
• RAS = 79618
• IPSec = 79619
• TS Gateway = 79621
• EAP = 79623

More Info Cable Guy – Network Access Protection Platform Overview
More Info Cable Guy – Troubleshooting NAP Enforcement
More Info MS Technet - Network Access Protection (NAP)
More Info MSDN - NAP Client Architecture

Recommended state:

• Manual

Default State:

• Manual

Proces name:

• Win8/Win7/Vista: svchost.exe -k NetworkService (napagent)
• WinXP SP3: svchost.exe -k netsvcs (napagent)

Supports:

• none

Depends:

• Remote Procedure Call (RPC)