Can you rely on MS Network Access Protection?

09.08.2006

-- Health policy validation. Validation is the process where the machine attempting to connect to the network is examined and checked against health criteria that an administrator sets. These criteria can include patch state, service-pack level, presence of AV software and so on.

-- Health policy compliance. Compliance policies can be set so that managed computers that fail the validation process can be automatically updated or fixed via Systems Management Server or some other management software. This is an optional, but very useful, part of NAP.

-- Limited access. Access limiting can be the enforcement mechanism for NAP. It's possible to run NAP in monitoring-only mode, which logs the compliance and validation state of computers connecting to the network. But in active mode, computers that fail validations are put into a limited-access area of the network, which typically blocks almost all network access and restricts traffic to a set of specially hardened servers that contain the tools most commonly needed to get machines up to snuff.
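To make the three pieces concrete, here is a small added model (not Microsoft's NAP code or API) of the decision a NAP enforcement point makes: the client's statement of health is validated against the administrator's policy, a log entry is always written, and the enforcement mode decides between admitting the client anyway (monitoring-only) and confining it to the hardened remediation servers. Policy values, patch identifiers and server addresses are constructed placeholders.

```python
from dataclasses import dataclass

# Placeholder addresses for the hardened remediation servers a non-compliant
# client is restricted to in active (enforcement) mode.
REMEDIATION_SERVERS = ["192.0.2.10", "192.0.2.11"]


@dataclass
class HealthPolicy:
    min_service_pack: int        # minimum service-pack level the admin requires
    required_patches: set        # patch identifiers that must be installed
    av_required: bool            # whether AV software must be present and running


@dataclass
class StatementOfHealth:
    client: str
    service_pack: int
    installed_patches: set
    av_running: bool


def validate(soh: StatementOfHealth, policy: HealthPolicy) -> list:
    """Health policy validation: return the failures (empty list == compliant)."""
    failures = []
    if soh.service_pack < policy.min_service_pack:
        failures.append(f"service pack {soh.service_pack} below required "
                        f"{policy.min_service_pack}")
    missing = policy.required_patches - soh.installed_patches
    if missing:
        failures.append("missing patches: " + ", ".join(sorted(missing)))
    if policy.av_required and not soh.av_running:
        failures.append("antivirus not running")
    return failures


def decide_access(soh: StatementOfHealth, policy: HealthPolicy,
                  enforce: bool, log: list) -> dict:
    """Limited access: log the validation result, then grant or restrict."""
    failures = validate(soh, policy)
    # Both modes log the compliance state; only active mode restricts traffic.
    log.append({"client": soh.client, "compliant": not failures,
                "failures": failures})
    if not failures or not enforce:
        return {"access": "full", "allowed_hosts": None}
    # Active mode: the client sees only the remediation servers until fixed.
    return {"access": "restricted", "allowed_hosts": list(REMEDIATION_SERVERS)}
```

The `log` entries are what monitoring-only mode gives you on their own; switching `enforce` to `True` is the change from observing compliance to acting on it.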

Here's the basic process for a NAP session and the various bits and pieces that are involved:

1. A client asks for access to the network and presents its current state of health to the Dynamic Host Configuration Protocol (DHCP) server, virtual private network (VPN) server or a compatible switch or router.