NAP Support

NAP Support
SP3's most important new feature is that it makes XP computers Network Access Protection (NAP) capable. NAP is a security platform built into Windows Vista, Windows Server 2008, and now XP SP3 that allows you to protect network resources by enforcing clients' compliance with system health requirements. NAP can quarantine clients that don't meet security policies (e.g., clients that aren't up-to-date with the latest patches) until they're compliant. You can find more information about NAP in the Windows IT Pro article "Network Access Protection in Windows Server 2008" at http://www.windowsitpro.com/Article/ArticleID/95617/95617.html.

XP SP3 installs the NAP Agent service, which enables the computer to declare its state of health to the NAP Network Policy server. If you want the NAP Agent service to start automatically when the XP system does, you'll need to configure the startup type to Automatic on that system. XP SP3 lacks Vista's console for administering NAP enforcement agents, so if you want to enable or disable some NAP enforcement agents, you'll have to use the NAP context in Netsh. For example, if you want to enable the DHCP NAP enforcement agent, type the command

Netsh nap client set enforcement ID=79617
    ADMIN=”ENABLE”

Use the same syntax, replacing "ENABLE" with "DISABLE," to disable the NAP enforcement agent. To see the IDs for all the XP SP3 enforcement agents, type

Netsh nap client show configuration

XP SP3 has the same NAP enforcement agents as Windows Vista. After you start the NAP Agent service and enable the proper enforcement agents, your XP SP3 system is ready for NAP.