Re: NAC Question

[I_wont_tell () noname com]

NAC sounds like a good approach for your problem, but you have to remember that IT is supporting business needs.  This 
article makes the point:

Handling the politics of network access control policies

Jennifer Jabbusch
02.27.2009
http://searchmidmarketsecurity.techtarget.com/tip/0,289483,sid198_gci1349424,00.html?track=NL-1194&ad=699314&asrc=EM_NLT_6647116&uid=4739563

So, while NAC is probably your best solution, first you have to sell the need to the appropriate business managers.  
The obvious advantage for them is that it will reduce need for users to call help desk, with the secondary advantage of 
freeing you up to do more work that benefits them.  Then the question for business to decide, with your guidance, 
becomes how much you want to use NAC to lock down network access.  There are several "levels' of NAC lockdown possible, 
ie:
- simply enforce current antimalware signatures and patches.  
- specify which antimalware is REQUIRED and current signature files & patches.  
- enforce patching all apps on remote machine (corporate version of Secunia PSI or SUMo version control will do the 
job).
- restrict installed applications to an approved "whitelist"

In a corporate situation level 3 or 4 should be possible, in an education situation you may only be able to get them to 
buy into level 1 or 2

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------