UEU-co logo

ch11lev1sec9.html


Previous Page Next Page

Understanding Network Access Protection

Group Policy provides you with a both fine-grained and yet extensible strategy for deploying policies on the network that control both computer and user behavior in the domain. And although you might think that Group Policy provides you with enough administrative control over domain users and computers, there is a new addition to the Windows Server 2008 network operating system that extends your bag of tricks in terms of securing the network: the Network Policy and Access Services.

In terms of network access protection (NAP), we will concentrate (at least in this hour) on the Network Policy Server (which is one component of the Network Policy and Access Services and is Microsoft’s implementation of a RADIUS server) and how you configure it as a NAP health policy server. The network access protection provided by a NAP health policy server enables you to create “health” policies related to network clients in the domain and then enforce these policies. This may mean that network clients that are not using automatic updates to keep Windows Vista up to date (and more secure, because many updates are related to security issues), or have had their Windows configuration changed from a designated standard configuration (by a network user who doesn’t comply with your “written” network policies), can be provided restricted network access until the client computer has been configured in accordance with the network access protection policies. The NAP health policy server can also help users get computers that do not comply with health policies up to date.

By the Way

The Network Policy and Access Services role is kind of a grab bag of services and features related to remote access, routing, and network policy. This hour looks at how to use network policy to help secure the network and keep network clients up to date (in terms of their OS software). Hour 17, “Remote Access and Virtual Private Networking,” looks at how to configure a server running Windows Server 2008 for remote access by using a Network Policy server (Microsoft’s implementation of a RADIUS server), and how virtual private network networking is configured on a domain server. Hour 18, “Implementing Network Routing,” discusses how a server with the Network Policy and Access Services role can function as an IP router on a small network. So, you can see that the Network Policy and Access Services role has a number of different functions that relate to network access, protection, and data routing.

Every network administrator wants to keep network client configurations up to date and maintain desktop operating system deployments with a standard configuration. For example, you want all desktop clients to have the Windows Firewall enabled or you want to make sure that every desktop client has the latest antivirus signatures installed. Now, the NAP health policy server provides a method to actually enforce desktop operating system configuration requirements in the domain and help keep desktop operating systems such as Microsoft Vista and Windows XP (Service Pack 3) secure by making sure that the latest OS updates have been installed.

Let’s take a look at how to add the Network Policy Server (as part of the Network Policy and Access Services) to a server running Windows Server 2008. You can then see how to configure the Network Policy Server as a NAP health policy server.

Previous Page Next Page

Leave a Reply


Time limit is exhausted. Please reload the CAPTCHA.

Categories

apply_now Pepperstone Group Limited