Windows Server 2008 NAP (Part 3)

by Marin Franković on 20 December, 2008

… continued from Part 2

We have to configure the DHCP service for NAP enforcement:

  • Open the DHCP console, expand it, right-click the IPv4 scope created earlier and select Properties
  • On the Network Access Protection tab, verify that “Use default NAP profile” is selected
  • Under Configure Scope Options select Advanced, then select Default User Class
  • Configure 003 Router, e.g. 10.10.0.1, and 015 DNS Domain Name, e.g. yourdomainname.local
  • Select Default Network Access Protection Class
  • Configure 006 DNS Servers, e.g. 10.10.0.10 (the IP address will probably be the DC), and 015 DNS Server name, e.g. Restricted.yourdomainname.local

Configuring the CL computer as a NAP and DHCP client

  • Open gpedit.msc using Start – Run
  • In the key Local Computer Policy/Computer Configuration/Administrative Templates/Windows Components/Security Center double click Turn On Security Center (Domain PCs only) and select Enabled, click OK
  • Open napclcfg.msc using Start – Run
  • Click Enforcement Clients and enable DHCP Quarantine Enforcement Client
  • Close the console
  • Open services.msc using Start – Run
  • Select Network Access Protection Agent and set its startup type to Automatic and then start the service
  • Close the console
  • Set up the CL computer so that it receives its IP address and DNS configuration automatically, and disable IPv6 on the network card
  • Restart CL computer and then log on as domain admin

Testing DHCP NAP enforcement:

  • On CL computer open command prompt and enter “ipconfig /all”
  • Verify that the state of connection is “Not Restricted” and DNS suffix is eg. yourdomainname.local
  • On SRV member server open NPS console
  • Open Network Access Protection and then open System Health Validators
  • Configure the Windows Security Health Validator so that it checks for the availability of an antivirus application
  • On CL release and renew IP address
  • Verify that the state of connection is “Restricted” and DNS suffix is eg. restricted.yourdomainname.local
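
The client-side steps and the test above can also be run from an elevated command prompt on CL. The batch file below is an added example, not part of the original article: it enables the DHCP enforcement client (ID 79617), starts the NAP agent, renews the lease and reports the resulting state. It does not cover the Security Center policy set in gpedit.msc, and it assumes an English-language Windows installation for the text matched by findstr.

```bat
@echo off
rem Added example: command-line equivalent of the napclcfg.msc and
rem services.msc steps, followed by the ipconfig check from the test.

rem Enable the DHCP Quarantine Enforcement Client (enforcement ID 79617).
netsh nap client set enforcement ID = 79617 ADMIN = "ENABLE"

rem Set the Network Access Protection Agent to start automatically and
rem start it now. "net start" reports an error if it is already running.
sc config napagent start= auto
net start napagent

rem Request a new lease so the health policy is evaluated again.
ipconfig /release
ipconfig /renew

rem Show the agent and enforcement client state as the client sees it.
netsh nap client show state

rem Print the quarantine state and DNS suffix lines from ipconfig.
ipconfig /all | findstr /i /c:"Quarantine State" /c:"DNS Suffix"

rem "Restricted" is a substring of "Not Restricted", so match the
rem longer string to tell the two states apart.
ipconfig /all | findstr /i /c:"Quarantine State" | findstr /i /c:"Not Restricted" >nul
if %errorlevel%==0 (
    echo Result: Not Restricted
) else (
    echo Result: Restricted, or no NAP state reported
)
```

Run it once before and once after changing the Windows Security Health Validator on SRV to compare the two results.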

In the next article I will explain how to set up VPN NAP enforcement.

