11.2. Evaluation Before Enforcement
When you expand your NAC deployment and begin requiring user authentication and endpoint inspection across a huge number of end users, you don't want the NAC system to block the CEO from accessing her e-mail simply because her machine isn't adequately patched or her antivirus software is out of date.
After you finish the proof of concept and pilot test, both of which involve only a limited number of end users, you need to push the proposed NAC policies to the rest of the organization so that you can truly assess the impact of NAC across the production environment. If you don't know what's going to happen when you flip the switch, do a broad test run. Many organizations simply don't have a firm grasp of the overall state of the machines on their networks. In many cases, multiple groups are responsible for desktop management, each with its own organizational policies and management tools. In other cases, a large number of partners, contractors, and customers run unmanaged devices on the network.
People really become nervous when they don't have the appropriate strategy in place to keep their machines updated. Follow the processes outlined in this chapter, and throughout the entire book, and you will have nothing to worry about when rolling out NAC!