programming4us
           
 
 
Windows Server

Windows Server 2008 : Working with NAP (part 3) - DHCP Enforcement

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
11/29/2010 5:20:49 PM

DHCP enforcement is probably the easiest NAP infrastructure design to implement. In Exercise 1, we are going to show you how to implement NAP DHCP enforcement.

Exercise 1: Implementing DHCP Enforcement

In this exercise we are going to implement the DHCP and NPS server roles on the server NPS1. We will then configure NAP with the wizard and also configure the SHVs that will force any connecting client using DHCP to be network compliant. The domain name is CONTOSO.COM, Keeping with the Microsoft tradition. Figure 2 depicts this simple network. We are going to imply that both servers are Windows Server 2008 and Active Directory Domain Services have already been set up for the CONTOSO.COM domain.

Figure 2. Network Diagram for Exercise 1
1.
First we will install the NPS and DHCP server roles on NPS1. Click Start and then click Server Manager.

2.
Under Roles Summary, click Add Roles and then click Next.

3.
On the Select Server Roles page, select the DHCP Server and Network Policy and Access Services check boxes and then click Next twice (see Figure 3).
Figure 3. Server Roles Page


4.
On the Select Server Roles page, select the Network Policy Server check box and then click Next twice.

5.
On the Select Network Connection Bindings page, verify that 172.16.0.11 is selected and click Next.

6.
On the Specify IPv4 DNS Server Settings page, verify that contoso.com is listed under Parent Domain.

7.
Type 172.16.0.10 under the Preferred DNS server IP address and click Validate. Verify that the server was able to validate the DNS server.

8.
On the Specify WINS Server Settings, click Next, accepting the default settings.

9.
On the Add or Edit DHCP Scopes page, click Add.

10.
In the Add Scope dialog box, type NAP SCOPE next to Scope Name. Add 172.16.0.20 as the Starting IP Address and 172.16.0.30 as the Ending IP Address. For the Subnet Mask use 255.255.255.0. Select the Activate this scope check box. Notice in Figure 4 that we do not specify a Default Gateway.
Figure 4. Add Scope Dialog Box


11.
On the Configure DHCPv6 Stateless Mode page, select Disable DHCPv6 stateless mode for this server and then click Next. Remember that NAP does not support DHCPv6.

12.
On the Authorize DHCP Server page, select Specify, enter Administrator information, and then click Next.

13.
On the Confirm Installation Selections page, click Install.

14.
Verify the installation completed with no errors and then click Close.

At this point, we now have our DHCP Server and NPS installed. The DHCP Server is configured and authorized for the domain CONTOSO.COM. Now we need to configure NPS as a NAP health policy server so that it can validate the clients connecting to our domain via DHCP.

To do this, we will use the NAP configuration wizard.

1.
Click Start, click Run, type nps.msc and press Enter.

2.
Make sure that in the Network Policy Server console tree, that NPS (Local) is selected.

3.
Under Standard Configuration, click Configure NAP. The NAP configuration wizard will start. See Figure 5.
Figure 5. NAP Configuration Wizard


4.
On the Select Network Connection Method for Use with NAP page, under Network connection method, select Dynamic Host Configuration Protocol (DHPC), and then click Next.

5.
On the Specify NAP Enforcement Servers Running DHCP page, click Next.

6.
On the Specify DHCP Scopes page, click Next.

7.
On the Configure User Groups and Machine Groups page, click Next.

8.
On the Specify a NAP Remediation Server Group and URL page, click Next.

9.
On the Define NAP Health Policy page, verify that Windows Security Health Validator and Enable auto-remediation of client computers check boxes are selected, click Next.
10.
Click Finish on the Completing NAP Enforcement Policy and RADIUS Configuration page.

The only thing left to configure is our System Health Validators (SHVs). We are going to set up our new SHV to make sure that the Windows Firewall is enabled, and an antivirus application is on and up-to-date.

1.
In the Network Policy Server console tree, double-click Network Access Protection, and then click System Health Validators.

2.
In the details pane, under Name, double-click Windows Security Health Validator.

3.
In the Windows Security Health Validator Properties dialog box, click Configure.

4.
Clear all check boxes except for A firewall is enabled for all network connections and An antivirus application is on. See Figure 6.
Figure 6. Windows Security Health Validator


5.
Click OK to close the Windows Security Health Validator dialog box, and then click OK to close the Windows Security Health Validator Properties dialog box.

6.
Close the Network Policy Server console.

This was a long exercise, but it is very important to see this process from start to finish—it helps facilitate your understanding of all concepts dealing with implementing DHCP enforcement.

Other -----------------
- Windows Server 2008 : Configuring Remote Access (part 6)
- Windows Server 2008 : Configuring Remote Access (part 5) - Virtual Private Networks
- Windows Server 2008 : Configuring Remote Access (part 4)
- Windows Server 2008 : Configuring Remote Access (part 3)
- Windows Server 2008 : Configuring Remote Access (part 2) - Network Policy Server and Network Access Protection
- Windows Server 2008 : Configuring Remote Access (part 1) - Routing and Remote Access Services
- Windows Server 2008 : Configuring Wireless Access
- Windows Server 2008: Configuring Routing
- Windows Firewall with Advanced Security in Windows Server 2008 (part 3)
- Windows Firewall with Advanced Security in Windows Server 2008 (part 2)
- Windows Firewall with Advanced Security in Windows Server 2008 (part 1)
- Windows Server 2008 : Configuring IP Security (IPsec)
- Windows Server 2008 : Configuring Network Authentication (part 2)
- Windows Server 2008 : Configuring Network Authentication (part 1)
- Windows Server 2008 : Configuring IPv4 and IPv6 Addressing
- Windows Server 2008 : Managing the Terminal Services - Displaying Data Prioritization
- Windows Server 2008 : Managing the Terminal Services - Viewing Processes & Monitoring Sessions
- Windows Server 2008 : Managing the Terminal Services - Limits
- Windows Server : Managing the Terminal Services - RDP Permissions
- Windows Server : Configuring TS Remote Desktop Web Connection
 
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us