Network access quarantine control

19.05.2006

Under NAQC, when a client establishes a connection to a remote network's endpoint (a machine running the Routing and Remote Access Service included in Windows Server 2003), the destination DHCP server gives the connecting remote computer an IP address, but a server running Microsoft's Internet Authentication Service (also included in Windows Server 2003) places the connection in "quarantine mode." In quarantine mode, the following restrictions are in effect:

A set of packet filters is enabled that restricts the traffic sent to and received from a remote access client.

A session timer is enabled that limits how long a remote client's connection can remain in quarantine mode before it is terminated.

The standards with which connecting remote computers must comply are defined solely by the network administrator, and compliance is checked with a script that the administrator creates based on these guidelines.
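The interaction of the two quarantine restrictions with the administrator's compliance script can be modelled in a few lines. This is an added example, not code from NAQC or from the original article; the addresses, ports, timer value and check names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed quarantine policy; none of these values come from the article.
QUARANTINE_ALLOW = {             # (destination, protocol, port) reachable while quarantined
    ("10.0.0.10", "udp", 53),    # name resolution
    ("10.0.0.10", "udp", 67),    # address assignment
    ("10.0.0.20", "tcp", 7250),  # assumed listener that receives the script's result
}
SESSION_TIMER = 120              # seconds a client may stay in quarantine (assumed)
REQUIRED_CHECKS = {"firewall_enabled", "antivirus_current"}  # administrator's standards (assumed)


@dataclass
class Session:
    user: str
    connected_at: float
    quarantined: bool = True     # every new connection starts in quarantine mode
    active: bool = True

    def tick(self, now):
        """Session timer: terminate a client that is still quarantined at expiry."""
        if self.quarantined and now - self.connected_at >= SESSION_TIMER:
            self.active = False
        return self.active

    def report_compliance(self, passed_checks, now):
        """Result of the administrator's script; lifts quarantine only if every check passed."""
        self.tick(now)
        if self.active and REQUIRED_CHECKS <= set(passed_checks):
            self.quarantined = False   # packet filters and timer no longer apply
        return not self.quarantined

    def permits(self, dst, proto, port, now):
        """Packet filters: quarantined clients reach only the allow-listed services."""
        if not self.tick(now):
            return False               # connection already terminated
        if not self.quarantined:
            return True
        return (dst, proto, port) in QUARANTINE_ALLOW
```

A client that reports a partial result stays behind the filters, and a report that arrives after the timer has expired does not revive the connection.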

To use NAQC, the remote machines connecting to your NAQC-enabled endpoint need to be running Windows 98 Second Edition, Windows Millennium Edition, Windows 2000 Professional or Server, or Windows XP Home or Professional. These versions of Windows support a Connection Manager "connectoid," or profile, located in the Network Connections element in the user interface. The profile enables dial-up or VPN connectivity and contains three essential elements: