Windows XP SP3: Enable Windows Vista "Native Network Access Protection"

Kevin Remde, IT Pro Evangelist for Microsoft, described the actions that users need to take in order to “enable the NAP Client on XP SP3.

1. Enable the Network Access Protection Agent service to start automatically (same as with Vista – either on the local machine or through Group Policy): Start, Run, Services.msc. Change the Network Access Protection Agent service to start automatically. Start the Network Access Protection Agent service.

2. Enable the proper NAP Enforcement Clients (no MMC snap-in option on XP SP3, so it’s different if you want to enable it on the client without using Group Policy): Start, Run, CMD.exe. Type netsh nap client set enforcement ID = ##### Admin = "Enable".

3. Enable and start the Security Center service: Run. GPEdit.msc. Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center. Enable the Security Center. Start. Run. Services.msc. Start the Security Center service.”

Users will need to specify the ID of each enforcement method they want to use. This means that the ##### segment will have to be replaced with IDs such as: DHCP = 79617; RAS = 79618; IPSec = 79619; TS Gateway = 79621 and EAP = 79623 (via TheLazyAdmin). In the end, administrators will be able to provide superior network protection by managing compliance with system health requirements via NAP. Specifically, the tool permits the setup of customized health policies designed to analyze computers and validate their health status. Through NAP, already compliant machines can be updated in order to ensure a standard level of "health", while non-compliant computers can be locked out of the network.
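
The quoted steps and the ID list above, combined into one batch script for a single XP SP3 client. This is an added example, not part of Kevin Remde's post. It assumes the service short names napagent and wscsvc, which are not given on this page, and leaves the Security Center policy setting to GPEdit.msc as described.

```bat
@echo off
rem Added example (not from the original post).
rem Usage: enable-nap.cmd DHCP   (run from an administrator account)
setlocal

rem Map the enforcement method name to the ID listed in the article.
set "NAPID="
if /i "%~1"=="DHCP"      set "NAPID=79617"
if /i "%~1"=="RAS"       set "NAPID=79618"
if /i "%~1"=="IPSEC"     set "NAPID=79619"
if /i "%~1"=="TSGATEWAY" set "NAPID=79621"
if /i "%~1"=="EAP"       set "NAPID=79623"
if not defined NAPID (
    echo Usage: %~nx0 DHCP^|RAS^|IPSEC^|TSGATEWAY^|EAP
    exit /b 1
)

rem Step 1: set the NAP Agent service to automatic, start it if not running.
rem "napagent" is the assumed short name of that service.
sc config napagent start= auto >nul || goto :fail
sc query napagent | find "RUNNING" >nul || net start napagent || goto :fail

rem Step 2: enable the chosen enforcement client (command from the post).
netsh nap client set enforcement ID = %NAPID% ADMIN = "ENABLE"

rem Step 3: start the Security Center service ("wscsvc" is the assumed
rem short name). The policy under Computer Configuration, Administrative
rem Templates, Windows Components, Security Center is still set in GPEdit.msc.
sc config wscsvc start= auto >nul || goto :fail
sc query wscsvc | find "RUNNING" >nul || net start wscsvc || goto :fail

rem Verification: print the client state so the enabled enforcement
rem client can be confirmed by reading the output.
netsh nap client show state
exit /b 0

:fail
echo A step failed. Check account rights and that XP SP3 is installed.
exit /b 1
```

Only the enforcement clients you actually deploy should be enabled; run the script once per method and confirm each in the state output.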