Last year I commented that network access protection (NAP) had slipped from a planned feature pack for ISA Server 2004 to Windows Server 2003 Release 2 (R2). Well, it seems that has changed. Confirming what I wrote last March, when I blogged about the need for network segmentation and remediation, Steve Lamb commented at last week’s Microsoft Technical Roadshow that NAP will be a feature of the next version of Windows Server (codenamed Longhorn) and not in the R2 release scheduled for later this year.
Apparently the reasons for this are that NAP will require kernel mode changes (and there will be no kernel mode changes in R2) and the extra time will allow Microsoft and Cisco to ensure that NAP (Microsoft) and NAC (Cisco) play nicely together.
Until then we will have to make do with the network access quarantine controls (originally part of the Windows Server 2003 resource kit and productionised as part of the release of Windows Server 2003 service pack 1). The main differences are that network access quarantine control allows quarantining of inbound connections via the Windows routing and remote access service, but NAP will will support quarantine for wired and wireless LAN connections too.