You can use the Network Access Protection (NAP) Client Configuration console, NAP client configuration settings in Group Policy, or Netsh commands for NAP client configuration to enable and disable NAP enforcement clients. A NAP enforcement client is responsible for requesting access to a network, communicating a client computer's health status to the NAP server that is authorizing the network access, and communicating the connection status of the client computer to other components of the NAP client architecture.

There are six available enforcement clients corresponding to the following network access mechanisms:

Enforcement client Description

Dynamic Host Configuration Protocol (DHCP)

Enforces health policies when a client computer attempts to obtain an IP address from a NAP-enabled DHCP server.

Internet Protocol security (IPsec)

Enforces health policies when a client computer attempts to communicate with another computer using IPsec.

Remote Desktop Gateway (RD Gateway)

Enforces health policies on a computer attempting to access a remote desktop gateway.

Extensible Authentication Protocol (EAP)

Enforces health policies when a client computer attempts to access a network through an EAP-authenticated network connection, such as 802.1X wired and wireless connections. If the client computer is running Windows® 7, the EAP enforcement client is also used for virtual private network (VPN) connections.

Remote access

Enforces health policies when a client computer running Windows Vista® or Windows XP with Service Pack 3 (SP3) attempts to gain access to the network through a NAP-enabled VPN server.

Wireless EAP over LAN (EAPOL)

Enforces health policies when a client computer running Windows XP SP3 attempts to access a network through an 802.1X-authenticated wireless connection network connection.

When to perform this task

To deploy NAP in your organization, you must enable at least one NAP enforcement client on client computers. You might also need to enable additional enforcement clients as your network health requirements change and you want to enforce health policies through other network access mechanisms.

You might need to disable enforcement clients when you are troubleshooting network access problems or when your health requirements change and you want to enforce health policies by using other enforcement clients.

To complete this task, perform the following procedures:

Enable and Disable the DHCP Enforcement Client

Enable and Disable the IPsec Enforcement Client

Enable and Disable the RD Gateway Enforcement Client

Enable and Disable the EAP Enforcement Client

Enable and Disable the Remote Access Enforcement Client

Enable and Disable the Wireless EAPOL Enforcement Client

Additional references


Table Of Contents