Which type of NAC installs the scanning engine on the domain controller rather than on endpoint devices?

Agentless NAC (Network Access Control) operates by installing the scanning engine on the domain controller rather than on individual endpoint devices. This approach allows organizations to monitor and control access to the network without requiring software agents on each device. Agentless NAC can easily assess the security posture of devices as they attempt to connect to the network, enabling real-time compliance checks based on predetermined security policies.

The benefits of using an agentless approach include simpler deployment and management, as IT staff do not need to install and maintain software on every endpoint. Instead, the NAC system can leverage existing infrastructure like domain controllers to gather information and enforce policies. This is particularly advantageous in environments with a large number of diverse devices, as it reduces overhead and complexity while still maintaining security standards across the network.

Understanding this characteristic of agentless NAC is crucial for implementing effective network security management strategies.