Quarantining Part of Windows Server 2003 'R2' Fleshed Out

Microsoft unveiled details, a name and partner support for the quarantining technology it plans to add to Windows Server 2003 next year in the update release, code-named "R2."

The R2 release is supposed to roll together feature pack components of Windows such as Windows SharePoint Services on top of the code-base of the as-yet-unreleased Windows Server 2003 Service Pack 1. At its annual TechEd conference in May, Microsoft began talking about additional features coming in R2 -- among them quarantining functionality.

Microsoft executives used the Worldwide Partner Conference in Toronto this week to discuss additional details of the quarantining functionality in R2. "IT administrators have told us that managing user access to their corporate resources in a safe and secure manner is a major concern," said Mike Nash, corporate vice president of the Microsoft Security Business and Technology Unit.

Quarantining is a way to address the problem of mobile and remote users introducing viruses, worms, trojans and other malware to the corporate network when they reconnect after potentially infecting their systems outside the network. The idea is to force the user to log in to a restricted area, where the system is scanned, virus signatures are updated and patches are applied. Microsoft has obtained similar results with an API for Windows Server 2003 and provides some capabilities in Internet Security & Acceleration Server 2004, which became generally available on Tuesday.

But the company is positioning quarantining as ready for prime time in R2. The formal name is now Network Access Protection. It will consist of three distinct functionalities.

Network policy validation will determine whether a client machine is compliant with the IT department's policies at the point of network entry.

Network restriction will quarantine non-compliant machines in a restricted network that offers updates and security utilities and also allows "guest access" rights to the network.

Network policy compliance functionality in Network Access Protection will give the IT administrator tools to bring non-compliant computers into compliance.

Microsoft signed up 25 partners who are vowing to extend Network Access Protection to their current or future products. They include client security companies such as CA and Symantec, networking vendors such as Extreme Networks and Juniper Networks and several major systems integrators.

The most interested group appears to be the management and patch management vendors, who scrambled Tuesday to declare their dedication to the technology in news releases. Participating vendors in that space include Altiris, BigFix, BindView, Citrix, HP, LANDesk Software, Microsoft's own Systems Management Server unit, Pedestal Software and Shavlik.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.