This is one of my favorite parts of NAC solutions. As you're probably getting tired of hearing already, the goal is to get people productive and have them be secure, not just locking people out. Because of this, it is important for NAC solutions to be able to fix the problems.
You will find that many NAC/NAP vendors skirt around the issues when it comes to the remediation portion of the solution. That is because many NAC/NAP solutions simply do not offer a component that will fix the discrepancies. Some do offer integration with leading patching solutions and other third-party systems, though some simply won't do anything to the device.
In my opinion, giving the end user a link to a web site where the user can fix the deficiency is ridiculous, although some solutions will do this. This takes the responsibility and control out of the hands of IT and places it on the end user. While this may sound good to some IT departments, it's really irresponsible. The end users' job is to do their job, not to learn how to install patches.
Remediation actions can take place via the NAC solution itself, or they can come from separate third-party remediation services, such as Tivoli, System Management Server (SMS), and so on. Here are some common means to remediate security deficiencies within NAC solutions:
Push down operating system patches
Push down Microsoft Office patches
Push down Internet Explorer and other browser patches ...