There are various ways to enforce policies.
- Windows Group Policy
- Network Access Control
This allows a server to perform some tests. The results of these tests may determine whether a network interface port on a switch remains active, or what information DHCP hands out to a client. Therefore, the server has some ability to control what type of access another device will have on a network.
In 2010, NetworkWorld article on NAC gone wrong states, “Agreement on what NAC really means and the right approach to NAC remain as elusive today as in 2005, when the first NAC products burst on the scene.”
(That's an old article, and one article might be quite little to make a sweeping judgement. Still, that doesn't sound like a very positive judgement.)
- Specific implementations
- Cisco offerings
- Network Admission Control
- Identity Services Engine (“ISE”)
This software might not be specific to just NAC, but it does seem to provide some similar features. For instance, both ISE and MAC can consider whether a client's anti-virus software is up to date.
- Network Access Protection
There's at least a few articles on Microsoft's site. e.g.: Network Acces Protection Using 802.1x VLANs or Port ACLs