This is Part 3 of 7 of my series on NAP: Configure Network Policies.
Before we get started, we need to understand a bit of information about Network Policy Server (NPS) network policies.
NPS network policies perform multiple checks to verify whether different conditions about the remote access user and computer are met.
Based on the verification results, NPS network policy will allow or deny the remote access.
If all NPS Network Policies are deleted, then remote access will be denied to users that are configured using NPS Network Policy, because there is no NPS Network Policy available to authorize them for remote access.
** Make sure you continue from the previous step, which is Step 2: Configure Health Policies.
1 – Open the Network Policy Server console. Under Policies, click Network Policies, and then disable the two default policies found under Policy Name by right-clicking each policy and then clicking Disable.
2 – Right-click Network Policies, and then click New…
3 – On the Specify Network Policy Name and Connection Type interface, in the Policy name box, type OSI-Compliant-Full-Access, and then click Next…
4 – On the Specify Conditions interface, click Add…
5 – In the Select condition dialog box, browse Health Policies and then double-click on it…
6 – In the Health Policies interface, in the Health policies box, type OSI-Compliant, and then click OK…
7 – On the Specify Conditions interface, click Next…
8 – On the Specify Access Permission interface, click Access Granted button and then click Next…
9 – On the Configure Authentication Methods interface, clear all check boxes but select the Perform machine health check only check box, and then click Next…
10 – On the Configure Constraints interface, click Next…
11 – On the Configure Settings interface, click NAP Enforcement. Verify that Allow full network access is selected, and then click Next…
12 – On the Completing New Network Policy interface, verify the Policy Conditions, and then click Finish…
13 – In the Network Policy Server console, verify that OSI-Compliant-Full-Access is listed under Policy Name…
14 – Right-click Network Policies, and then click New…
15 – On the Specify Network Policy Name And Connection Type interface, in the Policy name box, type OSI-Noncompliant-Restricted, and then click Next…
16 – On the Specify Conditions interface, click Add…
17 – In the Select condition dialog box, double-click Health Policies…
18 – In the Health Policies dialog box, in the Health policies box, type OSI-Noncompliant, and then click OK…
19 – On the Specify Conditions interface, click Next…
20 – On the Specify Access Permission interface, verify that Access granted is selected, and then click Next…
21 – On the Configure Authentication Methods interface, clear all check boxes but make sure you select the Perform machine health check only check box, and then click Next…
22 – On the Configure Constraints interface, just click Next to proceed…
23 – On the Configure Settings interface, click NAP Enforcement. Click Allow limited access and clear the Enable auto-remediation of client computers check box…
24 – Don’t click Next just yet, but click IP Filters, then click Input Filters…
25 – On the Inbound Filters interface, click New…
26 – In the Edit IP Filter dialog box, select Destination network, then in the IP address box, type 172.16.0.101, in the Subnet mask box, type 255.255.255.255, and then click OK…
27 – On the Inbound Filters interface, click Permit only the packets listed below, and then click OK…
28 – Still in the New Network Policy interface, under IPv4, click Output Filters, and then click New…
29 – On the Outbound Filters interface, click New…
30 – In the Edit IP Filter dialog box, select Source network, in the IP address box, type 172.16.0.101, in the Subnet mask box, type 255.255.255.255, and then click OK…
31 – On the Outbound Filters interface, click Permit only the packets listed below, and then click OK…
32 – On the Configure Settings interface, click Next…
33 – On the Completing New Network Policy interface, click Finish…
34 – On the Network Policy Server console, under Policy Name, verify that we have 2 policies listed…
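To make the effect of the two policies concrete, here is a small Python model of how they decide access. It is an added illustration, not part of the original walkthrough and not NPS code. It assumes NPS evaluates enabled network policies in order and rejects a request that matches none, and that the client's health evaluation arrives as the name of the health policy it matched; the class, function and constant names are hypothetical.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class NetworkPolicy:  # hypothetical model, not an NPS API
    name: str
    health_policy: str  # condition: health policy the client must match
    enabled: bool = True
    # Empty list = no filter on that direction (full access).
    input_permit_dst: list = field(default_factory=list)   # client -> network
    output_permit_src: list = field(default_factory=list)  # network -> client


# Host allowed by the filters in steps 26 and 30 (address and mask from the page).
ONLY_HOST = ip_network("172.16.0.101/255.255.255.255")

# The two policies built above, in processing order.
POLICIES = [
    NetworkPolicy("OSI-Compliant-Full-Access", "OSI-Compliant"),
    NetworkPolicy("OSI-Noncompliant-Restricted", "OSI-Noncompliant",
                  input_permit_dst=[ONLY_HOST], output_permit_src=[ONLY_HOST]),
]


def authorize(matched_health_policy, policies=POLICIES):
    """Return the first enabled policy whose condition matches, else None."""
    for policy in policies:
        if policy.enabled and policy.health_policy == matched_health_policy:
            return policy
    return None  # no network policy matched: the request is rejected


def packet_allowed(policy, src, dst, direction):
    """Apply 'Permit only the packets listed below' to one packet."""
    if policy is None:
        return False
    if direction == "input":   # packet sent by the client
        permit, addr = policy.input_permit_dst, dst
    else:                      # packet sent to the client
        permit, addr = policy.output_permit_src, src
    return not permit or any(ip_address(addr) in net for net in permit)


if __name__ == "__main__":
    for health in ("OSI-Compliant", "OSI-Noncompliant", None):
        p = authorize(health)
        print(health, "->", p.name if p else "denied: no matching policy")
```

Calling `authorize` with an empty policy list returns `None`, which is the all-policies-deleted case described at the top of this post.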
We're done for now. In my next post, I will go step by step through Connection Request Policies for VPN configuration.