Good points Weby, and guess where NAC begins? You guessed it...machine authentication. Install a machine identity certificate upon taking ownership of the TPM. Not that hard to do and easy for IT to support. All enterprise (incl. gov't/mil) begins with this essential move...much analagous to what a SIM card does to a cell phone, a TPM does for a PC, and a TPM ultimately does far more than enable secure network access (it also enables TXT etc. etc.).