I've found a couple of places that describe NAC being able to issue a gpupdate once the user logs into the network. In my managed client environment I have Computer based GPO settings, computer startup scripts to push printer connections, and GPO based assigned applications.
If I enable NAC to control these computers, I'm effectively disabling the available to do computer based controls because no one has logged onto the machine? I'm scratcing my head on this one because ideally the computer would NOT have access to the domain controllers/application server until they been verified. That is the ideal situation right?
Could someone offer some guidance/link/pointer on how this process would not be broken without defesting the purpose of an OOB-VG deployment?