3.1.5.8 Policy Administration for Network Access Protection
This section describes the Network Access Protection administrative plug-in.
The Network Access Protection policy settings are data structures defined in [MS-GPNAP]. They are registry settings and are administered by the Group Policy: Network Access Protection protocol administrative plug-in. The Network Access Protection administrative plug-in queries and persists these settings in the registry.pol registry policy file under the computer-scoped Group Policy Object path.
The NAP Group Policy administrative plug-in MUST invoke the following event to load the registry.pol file:
Load Policy Settings Event (section 3.1.4.1).
The NAP Group Policy administrative plug-in MUST invoke the following events to update the registry.pol file:
Update Policy Settings Event (section 3.1.4.2).
Update Group Policy Extension event specified in [MS-GPOL] section 3.3.4.4 with the following parameters:
GPO DN is set to the distinguished name of the Administered GPO (the GPO targeted by the Network Access Protection (NAP) administrative plug-in)
"Is User Policy" is set to FALSE.
CSE GUID is set to the Group Policy: Registry Extension Encoding CSE GUID (defined in section 1.9).
TOOL GUID is set to the Group Policy: Network Access Protection Tool extension GUID (defined in [MS-GPNAP] section 1.7).
In both cases, <gpo path> is set to the computer-scoped Group Policy Object path (the GPO path targeted by the Network Access Protection administrative plug-in), and the settings contained in the registry.pol file are used for the Policy Setting State. No other policy files are accessed by this plug-in. The plug-in MUST use the registry policy file format specified in section 2.2.1 to query and update the policy entries described in [MS-GPNAP] section 2 in the registry.pol file.
The Network Access Protection policy settings are defined in the following sections of [MS-GPNAP]: