From Dark Reading's "News Feed" (aka industry press release feed) comes a purported success story about an independent school district in Texas that has deployed Mirage Networks' NAC. Reading stuff like this makes me ill. Several components of this scenario are offensive to my sensibilities and to common sense in general.
First, K-12 schools have very real, very unique security challenges. (I speak from experience. My early work with firewalls, content management, security monitoring, incident response, forensics, and working with law enforcement all came from working for a school district for the latter half of the 1990s.) But rogue devices (the problem NAC is positioned to solve) shouldn't be one of them, or at least not a big one. Simple network design and segmentation should cut down on accidental cross-over from the student/library/commons networks onto staff and administrative segments, and then physical supervision (you know, teachers, librarians, parapros, etc.) can cut down on students intentionally plugging laptops into classroom or office jacks.
Secondly, NAC is the wrong fix for Sasser. Patching a four-year-old vulnerability is the right fix; the LSASS hole Sasser exploits was closed by MS04-011 in April 2004. If your patch cycle is over four years long, then you have no patch cycle, and with or without NAC, you've lost. Using NAC to 'ban' all of your unpatched workstations from the internal network may save your unpatched servers, but kicking legitimate users off internal machines is still an overall loser for IT. Functionally and politically, this can't be sustained.
Thirdly, school money is taxpayer money. School administrators - especially facilities and IT folks - hate to be reminded of it, but it's true. This is a nice win for the account manager at Mirage who pulled it off. K-12s can be tricky to sell into, and they typically have tight budgets with limited or no dedicated spending for security. Round Rock ISD is a single district, but a big one: over 40 schools, plus admin offices and bus garages. At that size, there's pretty much no way this wasn't at least a six-figure expenditure. And for what? A temporary fix for a problem that could've been solved with $20K of server hardware and WSUS? If I lived in Round Rock, TX, you can be sure I'd be at the next board meeting asking questions.