Monday, March 30, 2015

Network Access Protection (NAP) Deployment in Windows Server 2012 R2 – Part 1 of 7 (Configure Server and Client Certificate Requirements)

As promised, today let's go through Part 1 of 7 of my step-by-step guide on how to deploy Network Access Protection in Windows Server 2012 R2.
I can promise you this deployment will be major, with many steps to go through. For that reason, I have prepared the step-by-step in 7 parts so that you, as an IT administrator, can understand the flow of the deployment. Please take time to read more about NAP.
A little bit of information about NAP:
NAP is a policy-enforcement platform that is built into all Windows client computers beginning with Windows XP SP3, and all server-based operating systems beginning with Windows Server 2008.
You can use NAP to protect network assets more strongly by enforcing compliance with system-health requirements. NAP provides the necessary software components to help ensure that computers connected or connecting to your network remain manageable, so that they do not become a security risk to your enterprise's network and other attached computers.
Understanding the functionality and limitations of NAP will help you protect your network from the security risks posed by noncompliant computers.
For more information on NAP: http://technet.microsoft.com/en-us/network/bb545879.aspx
In this Part 1, let's go through how to configure Server and Client Certificate Requirements / Health Policies before we jump into the NAP deployment…
1 – On OSI-ADDS01 server, open Server Manager, click Tools, and then click Certification Authority
** In case you do not have a Certificate Authority installed, please refer to my previous post: Installing Certificate Authority on Windows Server 2012 R2 (https://mizitechinfo.wordpress.com/2014/07/19/step-by-step-installing-certificate-authority-on-windows-server-2012-r2/)
2 – In the certsrv management console, double click osi-ADDS01-CA, right-click Certificate Templates, and then select Manage on the context menu…
3 – In the Certificate Templates Console, right-click Computer, and then click Properties
4 – In the Computer Properties box, click the Security tab, select Authenticated Users, and then in the Permissions for Authenticated Users, tick the Allow check box for the Enroll permission, and then click OK.
5 – Next, in certsrv – [Certification Authority (Local)] console, right-click osi-ADDS01-CA, point to All Tasks, and then click Stop Service
6 – Next, right-click osi-ADDS01-CA again, point to All Tasks, and then click Start Service
7 – Next, log in to another server (OSI-NPS). On this server we are going to enroll a new certificate from AD:
– On the OSI-NPS Server, open MMC
8 – On the OSI-NPS Server, click File menu, click Add/Remove Snap-in
9 – Next, in the Add or Remove Snap-ins dialog box, click Certificates, click Add, select Computer account, click Next, and then click Finish
10 – In the Add or Remove Snap-ins dialog box, click OK
11 – In the console1 tree, expand Certificates, right-click Personal, point to All Tasks, and then click Request New Certificate
12 – In the Certificate Enrollment dialog box, click Next to proceed…
13 – Next on the Select Certificate Enrollment Policy interface, click Active Directory Enrollment Policy, and then click Next…
14 – Next, select the Computer check box, and then click Enroll
15 – Verify the status of certificate installation as Succeeded, and then click Finish…
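
To confirm more than the wizard's "Succeeded" status, the following PowerShell check inspects the certificate that landed in the computer store on OSI-NPS. It is an added example, not part of the original post; it assumes the CA name osi-ADDS01-CA from the steps above, that the built-in Computer template (internal name "Machine") was used, and that the server's FQDN can be resolved from its own hostname.

```powershell
# Added example: run in an elevated PowerShell session on OSI-NPS.
# Command-line equivalent of steps 11-14 ("Machine" is the internal name of the
# built-in Computer template); uncomment to enroll without the MMC wizard.
# Get-Certificate -Template Machine -CertStoreLocation Cert:\LocalMachine\My

$issuerCN = 'osi-ADDS01-CA'   # CA name used in this walkthrough
$required = @{                # EKUs the Computer template is expected to carry
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}
# Assumption: the server's FQDN is resolvable through DNS from its own hostname.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now  = Get-Date

$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    # Only look at certificates issued by the CA configured in steps 1-6.
    if ($cert.GetNameInfo('SimpleName', $true) -ne $issuerCN) { continue }

    # Collect the EKU OIDs straight from the X.509 extension.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    $missing = @($required.Keys | Where-Object { $ekus -notcontains $_ } |
        ForEach-Object { $required[$_] })

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        DnsName       = $cert.GetNameInfo('DnsName', $false)
        NameMatches   = ($cert.GetNameInfo('DnsName', $false) -eq $fqdn)
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        MissingEKU    = ($missing -join ', ')
    }
}

if (-not $report) {
    Write-Warning "No certificate issued by $issuerCN found in LocalMachine\My."
} else {
    $report | Format-List
    # Flag any certificate that fails one of the checks above.
    $bad = @($report | Where-Object {
        -not ($_.NameMatches -and $_.HasPrivateKey -and $_.InValidity) -or $_.MissingEKU })
    if ($bad) { Write-Warning "$($bad.Count) certificate(s) failed a check; review the list above." }
}
```

A certificate that shows HasPrivateKey as False, a DnsName that differs from the server's FQDN, or a non-empty MissingEKU should be re-enrolled before continuing with the later parts.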