Questions about MS-NAP integration
We are looking into a deployment and how it could integrate with MS NAP. I'm no MS NAP expert so I would like to exploit your expirience on the field.
I understand that FSCS has NAP integration so it can report to MS-NAP it's health state. Based on the result the an 802.1 compliant switch can isolate / restrict the client.
But here are my questions:
1. Is it possible for NAP to isolate new and unprotected computers? E.g. detect that a computer does not have F-secure installed on it and thus 'command' it's isolation.
2. If Question 1 is yes, this can happen on workstations that are part of the domain or stand-alone workstations also?
3. Could MS NAP used to automatically deploy F-Secure software to the endpoint? Again feedback needed in case the endpoint is part of a windows domain, and in case it is a stand-alone (a visitor's laptop) host