Quarantining Part of Windows Server 2003 'R2' Fleshed Out

Microsoft unveiled details, a name and partner support for the quarantining technology it plans to add to Windows Server 2003 next year in the update release, code-named "R2."

The R2 release is supposed to roll together feature pack components of Windows such as Windows SharePoint Services on top of the code-base of the as-yet-unreleased Windows Server 2003 Service Pack 1. At its annual TechEd conference in May, Microsoft began talking about additional features coming in R2 -- among them quarantining functionality.

Microsoft executives used the Worldwide Partner Conference in Toronto this week to discuss additional details of the quarantining functionality in R2. "IT administrators have told us that managing user access to their corporate resources in a safe and secure manner is a major concern," said Mike Nash, corporate vice president of the Microsoft Security Business and Technology Unit.

Quarantining is a way to address the problem of mobile and remote users introducing viruses, worms, trojans and other malware to the corporate network when they reconnect after potentially infecting their systems outside the network. The idea is to force the user to log in to a restricted area, where the system is scanned, virus signatures are updated and patches are applied. Microsoft has obtained similar results with an API for Windows Server 2003 and provides some capabilities in Internet Security & Acceleration Server 2004, which became generally available on Tuesday.

But the company is positioning quarantining as ready for prime time in R2. The formal name is now Network Access Protection. It will consist of three distinct functionalities.

Network policy validation will determine whether a client machine is compliant with the IT department's policies at the point of network entry.

Network restriction will quarantine non-compliant machines in a restricted network that offers updates and security utilities and also allows "guest access" rights to the network.

Network policy compliance functionality in Network Access Protection will give the IT administrator tools to bring non-compliant computers into compliance.

Microsoft signed up 25 partners who are vowing to extend Network Access Protection to their current or future products. They include client security companies such as CA and Symantec, networking vendors such as Extreme Networks and Juniper Networks and several major systems integrators.

The most interested group appears to be the management and patch management vendors, who scrambled Tuesday to declare their dedication to the technology in news releases. Participating vendors in that space include Altiris, BigFix, BindView, Citrix, HP, LANDesk Software, Microsoft's own Systems Management Server unit, Pedestal Software and Shavlik.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus