Via Services.msc

May 13, 2008 15:08 GMT  ·  By

Network Access Protection (NAP) is one of the few features that were actually added to Windows XP SP3. However, the management of the policy enforcement platform, present by default in both Windows Vista and Windows Server 2008, is not as streamlined on XP SP3 as it is in the latest server and client operating systems. In Vista, for example, all that end users need to do is start the service through the NAP Client Configuration MMC (napclcfg.msc). The same is not true for XP SP3 RTM Build 5512, as the service pack does not include the NAP Client Configuration MMC tool. Still, the missing NAP Client snap-in is by no means a showstopper. Just knowing that Microsoft integrated NAP in XP SP3 is sufficient to provide clues as to how to handle the feature.

Kevin Remde, IT Pro Evangelist for Microsoft, described the actions that users need to take in order to "enable the NAP Client on XP SP3. Enable the Network Access Protection Agent service to start automatically (same as with Vista - either on the local machine or through Group Policy): Start, Run, Services.msc. Change the Network Access Protection Agent service to start automatically. Start the Network Access Protection Agent service. Enable the proper NAP Enforcement Clients (no MMC snap-in option on XP SP3, so it's different if you want to enable it on the client without using Group Policy): Start, Run, CMD.exe. Type netsh nap client set enforcement ID = ##### Admin = "Enable". Enable and start the Security Center service: Run. GPEdit.msc. Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center. Enable the Security Center. Start. Run. Services.msc. Start the Security Center service".

Users will need to specify the ID of each enforcement method they want to use. This means that the ##### segment will have to be replaced with IDs such as: DHCP = 79617; RAS = 79618; IPSec = 79619; TS Gateway = 79621 and EAP = 79623 (via TheLazyAdmin). In the end, administrators will be able to provide superior network protection by managing compliance with system health requirements via NAP. What the tool does specifically is permit the setup of customized health policies designed to analyze computers and validate their health status. Through NAP, already compliant machines can be updated in order to ensure a standard level of "health", while non-compliant computers can be locked out of the network.
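The steps quoted above, combined with the enforcement IDs listed in this article, can be scripted for an administrator CMD.exe prompt on XP SP3. This is an added example, not code from Microsoft or from the article; it assumes the service names `napagent` (Network Access Protection Agent) and `wscsvc` (Security Center), uses the made-up short names `TSGW` and `IPSEC` as arguments, and leaves the Security Center Group Policy setting to be enabled in GPEdit.msc as described.

```batch
@echo off
rem Added example: enable the NAP client on XP SP3 without the MMC snap-in.
rem Usage: enable-nap.cmd DHCP^|RAS^|IPSEC^|TSGW^|EAP   (argument names are illustrative)
setlocal

rem Map the requested enforcement method to the ID listed in the article.
set "ID="
if /i "%~1"=="DHCP"  set "ID=79617"
if /i "%~1"=="RAS"   set "ID=79618"
if /i "%~1"=="IPSEC" set "ID=79619"
if /i "%~1"=="TSGW"  set "ID=79621"
if /i "%~1"=="EAP"   set "ID=79623"
if not defined ID (
    echo Usage: %~nx0 DHCP^|RAS^|IPSEC^|TSGW^|EAP
    exit /b 1
)

rem Step 1: NAP Agent service set to automatic start, then started.
call :EnsureService napagent || exit /b 1

rem Step 2: enable the chosen enforcement client (replaces the ##### in the quote).
rem netsh exit codes are not relied on here; review its output.
netsh nap client set enforcement ID = %ID% ADMIN = "ENABLE"

rem Step 3: Security Center service. The Security Center policy must already be
rem enabled through GPEdit.msc, otherwise the service may not stay running.
call :EnsureService wscsvc || exit /b 1

rem Show the resulting client state so the enabled enforcement client can be confirmed.
netsh nap client show state
exit /b 0

:EnsureService
rem %1 = service name. Set it to start automatically and make sure it is running.
sc config %1 start= auto >nul
if errorlevel 1 (
    echo Could not configure service %1.
    exit /b 1
)
sc query %1 | find "RUNNING" >nul
if errorlevel 1 net start %1
sc query %1 | find "RUNNING" >nul
if errorlevel 1 (
    echo Service %1 is not running.
    exit /b 1
)
exit /b 0
```

Run the script once per enforcement method that the network's NAP policy requires; enabling a client the network does not use has no effect on health evaluation.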