The default NAP policy is enforced on all PCs in the same domain. This policy may not support policies that are differentiated based on the actual user groups. UNETSHA supports login ID based policy enforcement for exceptional cases to make NAP policy enforcement more flexible.

With over 7,000 managed objects provided by Windows Management Instrumentation, administrators can use software and hardware objects to control the network access. For example, terminals using external mass storage devices or unauthorized wireless network adapters can be quarantined from the corporate network.

When implementing NAP on your network, you may have to deal with not only Windows terminals, but also Linux and Mac terminals. UNETSHA provides Windows, Linux and Mac agents for a seamless network access protection platform in a heterogeneous environment.

Network Access Quarantine Control (NAQC) is a set of services and utilities available for Windows Server 2003 that lets you prevent remote users from connecting to your network with machines that are not up to date and quarantine those users in a secured area. The migration of compliance checks is critical in the transition from the NAQC environment to the NAP environment. UNETSHA supports migration from NAQC to NAP through script-level compatibility when you make a NAP policy.

UNETSHA allows administrators to manage agent update packages from the main management console without the need for any additional applications. The NAP agents are updated automatically according to the operating system when the network is accessed.

When you deploy multiple NPSs with different policies in multiple domain environments, administrators have no choice but to perform management tasks for each one. For this scenario, UNETSHA supports the centralization or decentralization of NAP management tasks and provides a feature multiple domain support. Administrators can manage each domain’s policy in a separate console or all the domains’ policies in one management console.

The default NAP policy enforces to all the PCs in the same domain. In real-world network environment, a domain might consist of many user groups and user types. The NAP policy needs to support this structural property for better security scheme. To support this, UNETSHA supports user and group based policy enforcement so that administrator can enforce tailored health check policy against respective user and user group. Furthermore, the policy enforcement cycle can be set by once or periodically depending on the characteristics of the policy.

Enterprise usually configure and manage their departments hierarchically. In administrative point of view, enterprise-wide NAP policy should support this hierarchical characteristic. UNETSHA supports hierarchical group and policy management so that administrator can manage NAP policies on actual organization basis. The precedence of NAP policy enforcement is in the following order; user - group - upper group - root group policies. The root group policy can be used as global policy.

To support additional PC health check capabilities, UNETSHA allows plug-ins for a variety of health check programs independent of their type (VBS, EXE, BAT, etc.). This feature is included in the RQS Package to strengthen NAP policy enforcement through a diverse variety of PC health check programs.

Linux and Mac versions include NAP agent with ECs for 802.1X authenticated connections and DHCP-based IPv4 address configuration. The supported EAPs in 802.1X are PEAP version 0/1/2, PEAP-MSCHAP v2, EAP-MD5, EAP-TLS, EAP-TTLS, EAP-GTC and LEAP.