Answered: Windows Server 2008 NAP Clients

  • Tuesday, July 31, 2012 11:14
     
     

    Hi all,

    I have configured NAP DHCP enforcement in a lab. It works fine and the user is isolated to only the remediation server, but when I want to test whether the client is compliant by removing the compliant settings from the Windows Security Health Validator, it is still restricted to the remediation servers. Although I renewed the IP and restarted, it is still the same.

    Any help?

    Thanks


    Tarek Khairy

All replies

  • Tuesday, July 31, 2012 7:37
     
     

    Hi all,

    I want to implement NAP and I'm confused about which enforcements to use.

    I don't have IPsec implemented in my environment and I want to use NAP with UAG DirectAccess. I want to know what the best enforcements are and how to implement them, and if I use UAG DirectAccess, do I still need VPN?

    Thanks


    Tarek Khairy

  • Wednesday, August 1, 2012 4:40
    Moderator
     
     

    Hi Tarek,

    Thanks for posting here.

    Could we first try to manually restart the NAP Agent service on the client and see how it goes?

    Net stop napagent

    Net start napagent

    Meanwhile, do we have any errors or warnings on the client?

    Fixing Remediation Problems

    http://technet.microsoft.com/en-us/library/dd348520(WS.10).aspx

    IPsec enforcement is the option we have in a DA deployment:

    Planning Forefront UAG DirectAccess with Network Access Protection (NAP)

    http://technet.microsoft.com/en-us/library/ee809068.aspx

    Thanks.

    Tiger Li

    TechNet Community Support

  • Wednesday, August 1, 2012 7:47
     
     

    Thanks for the reply. I tried to stop and start the napagent service but the problem is still the same. I configured the router option as described in the article above; still the same. Actually, I configured the NAP remediation server as my DHCP so the client can reach the DHCP server, but I don't know why the policy is still applied after I removed the settings from the Windows Security Health Validator. I even removed it for the XP clients, while I have only Windows 7 clients.

    - There are no errors in the Event Viewer for the client.

    - For the remediation servers, if I have SCCM, what can it do for the non-compliant clients? Can it update the antivirus or anti-spam, or install it if the client doesn't have it? Or will it require a user action?

    - For UAG DirectAccess with NAP, shall I install both on one server? And if I want to implement other enforcements, will I do it on the same server or can I apply it on another server?

    Thanks


    Tarek Khairy

  • Wednesday, August 1, 2012 8:23
    Owner
     
     

    Hi,

    Look in Event Viewer under Custom Views\Server Roles\Network Policy and Access Services.

    Check the events here to make sure your client is not matching the noncompliant policy or the non NAP-capable policy. If it is matching either of these then it is probably still given restricted access.

    -Greg

  • Wednesday, August 1, 2012 8:31
     
     
    There are no events on the NPS server.

    Tarek Khairy

  • Wednesday, August 1, 2012 8:34
     
     
    One more thing: I have the DHCP on the DC; do I need to install the NPS service on the DC as well?

    Tarek Khairy

  • Wednesday, August 1, 2012 15:53
    Owner
     
     Answered

    Hi Tarek,

    NPS must be installed on the same server with DHCP. I assume you are using DHCP enforcement here.

    -Greg

  • Thursday, August 2, 2012 23:07
    Owner
     
     

    You might want to read about NAP enforcement points (servers with NPS installed).

    http://technet.microsoft.com/en-us/library/dd125306(WS.10).aspx