Your network consists of one Active Directory domain. All servers run Windows Server 2008.
You need to plan access restriction policies for the network. The plan must support the following
restrictions:
Only computers that run Windows Vista must be able to access the network.
Only computers that have Windows Firewall enabled must be able to access the network.
What should you include in your plan?
A.
Implement Authorization Manager.
B.
Implement Network Access Protection (NAP) on a single server in the domain.
C.
Create a Group Policy object (GPO) linked to the domain. Enable the Windows Firewall settings in
the GPO.
D.
Create a Group Policy object (GPO) linked to the Domain Controllers organizational unit (OU).
Enable the Windows Firewall settings in the GPO.
Explanation:
To configure access restriction policies for the network which would only allow Windows Vista
computers that have Windows Firewall enabled to access the network, you need to implement
Network Access Protection (NAP). NAP uses System Health Agent (SHA) to check if the specified
system health requirements are fulfilled. The SHA can verify whether the Windows Firewall is on;
antivirus and antispyware software are installed, enabled, and updated; Microsoft Update Services is
enabled, and the most recent security updates are installed. If the system is not in the required
state, the SHA can then start a process to remedy the situation. For example, it can enable Windows
Firewall or contact a remediation server to update the antivirus signatures
Windows Server 2008 NAP (Network Access Protection) infrastructure
http://4sysops.com/archives/windows-server-2008-nap-network-access-protection-infrastructure/