Q: Our company has to let many employees and contractors access our VPN from their personal computers. How can we protect our network from insecure computers, especially those that don't have up-to-date anti-malware protection?
A: You should consider using Network Access Quarantine Control (NAQC). NAQC is a Windows Server 2003 tool that prevents remote computers from accessing your network until their configuration meets your requirements. NAQC works by inserting a check on your RRAS server between the point where remote clients authenticate and the point where RRAS lets those clients fully access the network. NAQC requires the client to run a script on the local computer that creates administrator-specified configuration settings. For example, the script might check the version and status of the client computer's anti-malware protection. The only problem with NAQC is that you have to write the script yourself because NAQC doesn't provide a wizard or script-generation tool. See the Windows IT Security article "Setting Up Network Access Quarantine Control," February 2005, InstantDoc ID 44950, for more information about NAQC.
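
One way to write the client-side script the answer says you must supply yourself, as an added example that is not from the article or from Microsoft: it checks anti-malware status and signature age, and only if both pass does it call `rqc.exe`, the NAQC notifier component (not named in the answer) that tells the RRAS server to lift quarantine. The service name, signature path, age limit and version string are hypothetical placeholders; it assumes PowerShell is installed on the client, that `rqc.exe` sits beside the script, and that the Connection Manager profile runs it as a post-connect action.

```powershell
# Added example: client-side NAQC quarantine script (not from the article).
# Connection Manager is assumed to pass %DialRasEntry% %TunnelRasEntry% %Domain% %UserName%.
param(
    [string]$DialEntry,
    [string]$TunnelEntry,
    [string]$Domain,
    [string]$UserName
)

# Hypothetical values: substitute your anti-malware product's details and your policy.
$AvServiceName = 'ExampleAvService'
$SignatureFile = Join-Path $env:ProgramFiles 'ExampleAV\signatures.dat'
$MaxAgeDays    = 7
$RqsPort       = 7250                    # default rqs.exe listener port
$ScriptVersion = 'ExampleQuarantineV1'   # must match a string the rqs.exe listener allows
$RqcPath       = Join-Path (Split-Path -Parent $MyInvocation.MyCommand.Path) 'rqc.exe'

function Get-ComplianceFailures {
    $failures = @()

    # Status check: the anti-malware service must exist and be running.
    $svc = Get-Service -Name $AvServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        $failures += "Service '$AvServiceName' is not installed."
    } elseif ($svc.Status -ne 'Running') {
        $failures += "Service '$AvServiceName' is $($svc.Status), not Running."
    }

    # Currency check: the signature file must exist and be recent.
    if (-not (Test-Path -LiteralPath $SignatureFile)) {
        $failures += "Signature file '$SignatureFile' is missing."
    } else {
        $age = (Get-Date) - (Get-Item -LiteralPath $SignatureFile).LastWriteTime
        if ($age.TotalDays -gt $MaxAgeDays) {
            $failures += "Signatures are $([int]$age.TotalDays) days old (limit $MaxAgeDays)."
        }
    }
    return $failures
}

$failures = @(Get-ComplianceFailures)
if ($failures.Count -gt 0) {
    # Fail closed: without the rqc.exe notification the connection stays quarantined.
    $failures | ForEach-Object { Write-Host "Quarantine check failed: $_" }
    exit 1
}

# All checks passed: notify the listener so RRAS lifts the quarantine restrictions.
& $RqcPath $DialEntry $TunnelEntry $RqsPort $Domain $UserName $ScriptVersion
exit $LASTEXITCODE
```

The script runs on a machine the user controls, so treat a passing result as a hygiene check rather than proof of a clean computer, and keep the quarantine-mode packet filters on the RRAS server restrictive.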