Enterprises and other organizations implement network access control to govern whether endpoint devices can communicate on a computer network. For example, an enterprise may implement a computer network that includes an email server. To prevent unauthorized users from communicating with this email server, the enterprise may implement a network access control system that prevents users from sending network communications on the computer network unless they provide a correct username and password. In another example, an enterprise may assess the “health” of the endpoint device prior to allowing the endpoint device to access the enterprise computer network. For example, the enterprise may wish to prevent devices that are infected with computer viruses from communicating with devices on a network of the enterprise. In this example, the enterprise may implement a network access control system that prevents devices that do not have current anti-virus software from communicating on the network.
An endpoint device may gain access to a protected network by using a network protocol to provide proper network access control information to a network access control server. The network access control information may specify data that indicates a configuration of the endpoint device, an identity of the user of the endpoint device, information needed to verify the data that indicates the configuration of the endpoint device, and other information. The data that indicates the configuration of the endpoint device may indicate software applications installed on the endpoint device, hardware installed on the endpoint device, and other configuration information specific to the endpoint device. The network access control server evaluates the network access control information provided by the endpoint device in order to determine whether to allow the endpoint device to communicate on the protected network.
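The evaluation described above can be sketched as follows. This is an added example, not code from the original text: the report layout, the HMAC tag standing in for the "information needed to verify" the configuration data, and every key, account and threshold are assumptions made for illustration.

```python
import hashlib, hmac, json
from datetime import date

# All names, keys and thresholds below are assumptions made for this example.
DEVICE_KEYS = {"laptop-01": b"constructed-demo-key"}  # per-device integrity keys
SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret-demo", SALT, 100_000)}
MAX_AV_AGE_DAYS = 7  # what this example treats as "current" anti-virus

def _tag(key, config):
    # Canonical JSON so endpoint and server compute the tag over the same bytes.
    blob = json.dumps(config, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def build_report(user, password, device_id, config):
    """Endpoint side: bundle identity, configuration and its verification tag."""
    return {"user": user, "password": password, "device_id": device_id,
            "config": config, "config_tag": _tag(DEVICE_KEYS[device_id], config)}

def evaluate(report, today):
    """Server side: return (allow, reason) for one access request."""
    # 1. Identity of the user (hash computed even for unknown users).
    given = hashlib.pbkdf2_hmac("sha256", report["password"].encode(), SALT, 100_000)
    stored = USERS.get(report["user"])
    if stored is None or not hmac.compare_digest(stored, given):
        return False, "bad credentials"
    # 2. Verify the configuration data before trusting anything in it.
    key = DEVICE_KEYS.get(report["device_id"])
    if key is None or not hmac.compare_digest(_tag(key, report["config"]),
                                              report["config_tag"]):
        return False, "configuration not verifiable"
    # 3. Health: anti-virus must be installed with recent signatures.
    av = report["config"].get("antivirus")
    if not av:
        return False, "anti-virus missing or out of date"
    age = (today - date.fromisoformat(av["signatures"])).days
    if age > MAX_AV_AGE_DAYS:
        return False, "anti-virus missing or out of date"
    return True, "access granted"

if __name__ == "__main__":
    today = date(2024, 5, 10)  # constructed evaluation date
    healthy = {"antivirus": {"signatures": "2024-05-08"}, "os": "demo-os 1.0"}
    stale = {"antivirus": {"signatures": "2024-04-01"}, "os": "demo-os 1.0"}
    for cfg in (healthy, stale):
        print(evaluate(build_report("alice", "s3cret-demo", "laptop-01", cfg), today))
```

The tag shows only that the configuration data was not altered after the holder of the device key produced it; an endpoint that is already compromised can still produce a valid tag over a false report.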