I know this is old news now, but I am still a bit upset that the NAP (Network Access Protection) (Network Access Protection) services have been removed from the next version of Windows 2003 Server (the so-called R2 release). This was the main killer feature for me, at least, in the upcoming release. If you run in a small- to mid-sized shop, it is expensive (in both cost and time) to implement a good physical security policy concerning network access. NAP would have solved the problems with rogue computers (or even rouge APs) on the network at a relative minimum of cost.
In the interim, I would recommend that MS beef up the VPN quarantine facility in time for the R2 release… This would help immensely.