NAP can be broken down into key components:

-- Health policy validation: Validation is the process of examining a machine attempting to connect to the network and checking it against certain criteria that an administrator sets.

-- Health policy compliance: Compliance policies can be set so that managed computers that fail the validation process can be automatically updated or fixed via Systems Management Server or some other management software.

-- Limited access: Limiting access can be the enforcement mechanism for NAP. It's possible to run NAP in monitoring-only mode, which logs the compliance and validation state of computers connecting to the network, but in active mode, computers that fail validations are put into a limited-access area of the network, which typically blocks almost all network access and restricts traffic to a set of specially hardened servers that contain the tools most commonly needed to get machines up to snuff.

Keep in mind that NAP is only a platform by which these checks can be made -- pieces of the puzzle are still needed after deploying Longhorn Server, including system health agents (SHA) and system health validators (SHV) that ensure that checks and validations are made on each client machine. Windows Vista will ship with default SHAs and SHVs that can be customized.