A new article and sample code set is now posted to MSDN as part of my Windows Vista Security series.  Check out “Building Plug-ins for Network Access Protection” at http://msdn2.microsoft.com/en-us/library/bb945062.aspx. 

Highlights:  the article provides a detailed walkthrough of how a Statement of Health is generated by the client (“System Health Agent”) code and evaluated by the server code (“System Health Validator,” running on Windows Server 2008 via its Network Policy Server role).  It also shows the code flow for auto-remediation (programmatically fixing a client that’s deemed un-healthy, and then letting it connect to the protected network resource).

The code shows a generic Registry SHA/SHV.  In other words, you can configure it to enforce NAP policy on an arbitrary registry key, or keys!

Any questions – find me at TechEd Developers in Barcelona next week (or just email me – that works too …).

No Comments »