NAP(Network Address Protection) Process
Network Access Protection with DHCP Step-By-Step Guide Network Access Protection or NAP is a service which validates the health status of different type of clients which intend to use some specific services on the network. Once the client is trying to use the service, its health status is checked by using the health validation agent of NAP service installed on NAP server and if approved, the client is allowed to use that service. One of the services that can be well-integrated with NAP is DHCP. If the client trying to receive an IP address does not pass the health validation check, it is not allowed to receive an IP address and therefore is not able to connect to the network. Of course one of the disadvantages of using DHCP integrated with NAP is that it could be easily bypassed if the client avoided using a dynamic IP address configuration and the user set its IP address manually and joined the network. This actually would all go back to how much privilege is given to the user to be able to change its IP address manually. For this part, we would not talk about in this post as we would try to solely focus on the DHCP and NAP configuration both on the DHCP and NAP Servers and also on the client. First of all we need to install Network Policy Server Role. Open up Server Manager and click on Add Roles and then from the roles check Network Policy and Access Services and click Next. Then from the available Role Services, check Network Policy Server, click Next and then Install: Then from the Administrative Tools, click on Network Policy Server and then in the new windows click on Configure NAP: From the Network Connection Methods, choose Dynamic Host Configuration Protocol (DHCP) and then choose a name for the Policy: Since we do not have a Radius Server in our scenario, click Next again and in the next step click on Add and then give a name to the specified DHCP Scope: Click Next again so that this policy will be applied to all the users. Click Next again and in the new window you should specify a remediation server by clicking on the New Group. In the new Window, give it a name like Rem-Server. Click on Add and then give the IP address of the Remediation Server. Here I entered 10.10.0.10 Notes: A remediation server is the server that gives non-compliant computers (Unhealthy computers) the needed patches and updates to change their status to compliant and healthy. After you added the New Group, then do not enter any URL as the Troubleshooting URL since in this scenario we do not need one and then click Next and then click Next again and then click Finish. Then on the Network Policy Server console and under Network Access Protection click on System Health Validators and then on the right hand side right click on Windows System Health Validator and click Properties: in the new Windows click on Configure: and then in the following Windows you can specify what tests you need to be run on different types of clients (Windows Vista and Windows XP): I let them all on and then click OK twice and finish it all. And then on the server click on Run and type mmc and then from the File menu, choose Add/Remove Snap-in and then choose NAP Client Configuration and click Add and then choose the local computer and click on OK twice to open the following console. On the left pane, click on NAP Client Configuration and then Enforcement Clients and then on the right right click on DHCP Quarantine Enforcement Client and click Enable. Now you are done with the NAP Configuration on the server and you have to move to your Domain Controller and if you want this policy to be applied to all the computers, make some modification on the default domain policy using Group Policies. So on the domain controller open up Group Policy Management Console from the administrative Tools and then right click on the Default Domain Policy and click Edit: Go to Computer Configuration->Windows Settings->Security Settings->Network Access Protection->NAP Client Configuration->Enforcement Clients and then from the right hand side right click on DHCP Quarantine Enforcement Client and click Enable. Then Go to Computer Configuration->Windows Settings->Security Settings-> System Services and then on the right hand side double click on Network Access Protection Agent and from this Window apply the following configuration: Then go to your DHCP Server and open up DHCP from the administrative Tools, and we assume that you already have one scope: Right click on the scope name and then click Properties and then go to the Network Access Protection tab and click on Enable for this scope and then click OK. and then go to the scope Options and right click on it and then choose Configure Options and go to the Advanced Tab and from the User Class choose Default Network Access Protection Class and then in the options check DNS Server and add a DNS Server IP Address and then click OK. Now you are done and everything works fine. All you need to do is to go to your client and disable the firewall or disable your antivirus program or do something which makes your client NOT HEALTHY and then you will see that you will get an IP Address from the DHCP Server but this time with a DNS address of 100.100.100.100 You want to learn more about Network Access Protection and see more scenarios such as integration with VPN?
Disclaimer: This tutorial is only for educational purpose. The author or the blog owner is not responsible for any kind of misuse of this information provided
Install Windows Server 2012 as Virtual Machine in VMware Workstation
Install Windows Server 2012 as Virtual Machine in VMware Workstation
Hyper V is one of the hottest feature of Windows Server 2012. You will definitely want to install Hyper V server role and play around with it.Installing Hyper V role in server 2008 in VMware Workstation was difficult until VMware released VMware Workstation 9. Here I will show you how to install Windows Server 2012 as virtual machine in VMware workstation 9 with Hyper V ready. So let’s get going.
Install Windows Server 2012 as Virtual Machine in VMware Workstation
Before installing Windows Server 2012 as virtual machine in VMware workstation you might want to make sure following things,
- At least 2 GB memory or more for Hyper V and nested VM installation.
- Processor that have Intel VT technology supported and enabled.
- At least 50 GB hard drive space or more for Hyper V virtual machine installation.
I am installing Server 2012 on my laptop running core i7 2670 processor with 16 GB RAM and 750 GB HDD with Windows 7 Ultimate. Here are the steps. Open VMware Workstation application from desktop. I am running VMware Workstation 9.
Click File from the Menu and select New Virtual Machine
Here choose Custom option and click Next button.
Choose Workstation 9 as hardware compatibility and click Next button. Under guest OS installation option, choose install operating system later. Click Next button.
Here I will choose Microsoft Windows as guest operating system and Hyper V as version. Click Next. Now name the virtual machine and browse the location to store this virtual machine and click Next button.
Under processor configuration, I will select 4 cores per processor and click Next.
I will select 6 GB of memory since I will be installing Hyper V and virtual machines under it. After configuring memory click Next.
In network type option choose NAT so that you can use Internet within the virtual machine. Then click Next button. Under I/O controllers type leave the default, LSI Logic SAS. Click Next button.
In select disk option, choose create new virtual disk and click Next button. In disk type, choose SCSI and click Next button.
Now, specify the disk capacity. I will enter 90 GB so that I will have enough space to install virtual machines in Hyper V. Then click Nextbutton. Browse the location where you want to save the disk file. Click Next button.
Now you can see all the information in one place. If you think something is not right then you can click back and edit it. Click Finish button. Now click edit virtual machine settings to configure installation file of Server 2012.
As you can see below picture, select CD/DVD under device and browse the location of ISO installation file of Server 2012.
After configuration click OK button and click power on this virtual machine. You can now start installing Windows Server 2012.
That's All
love the post !!!
ReplyDeleteThank you for your intelligent post and for helping others become more aware. You made more sense than others who speak within this same area of expertise and I am really glad I found your blog-website. I’ve joined your social networks and will keep an eye out for future great posts as well. Additionally, I have shared your site in my social networks as well. Thank you again!
Brazil VPS Server
Hi Admin,
ReplyDeleteI have been just watching that blog, It is really Impressive. Just loved that information content of that blog. Keep writing the stuff like that. Thanks,
Norton Phone Number Customer Support
Thank you nice article. You have share best article. Thank You again. IBI aleab
ReplyDeleteI love your blog because sharing fruitful information about server, and here you can get to get know detail information about Client Server Architecture
ReplyDelete