Tuesday, July 31, 2012 11:14
I have configured NAP DHCP enforcement in a lab. It works fine and the user is isolated to only the remediation server, but when I want to test if the client is compliant by removing the compliance settings from the Windows Security Health Validator, it is still restricted to the remediation servers. Although I renewed the IP and restarted, it is still the same.
All replies
Tuesday, July 31, 2012 7:37
I want to implement NAP and I'm confused about what enforcements to use.
I don't have IPsec implemented in my environment and I want to use NAP with UAG DirectAccess. I want to know what the best enforcements are and how to implement them, and if I use UAG DirectAccess, do I still need VPN?
- Merged by Tiger Li, Moderator, Wednesday, August 1, 2012 0:39
Wednesday, August 1, 2012 4:40 Moderator
Thanks for posting here.
Could we first try to manually restart the NAP Agent service on the client and see how it goes?
Net stop napagent
Net start napagent
Meanwhile, do we have any errors or warnings on the client?
Fixing Remediation Problems
IPsec enforcement is the option we have in DA deployment:
Planning Forefront UAG DirectAccess with Network Access Protection (NAP)
TechNet Community Support
Wednesday, August 1, 2012 7:47
Thanks for the reply. I tried to stop and start the napagent service but the problem is still the same. I configured the router option as described in the article above; still the same. Actually, I configured the NAP remediation server as my DHCP so the client can reach the DHCP server, but I don't know why the policy is still applied after I removed the settings from the Windows Security Health Validator. I even removed it for the XP clients while I have only Windows 7 clients.
- There are no errors in the Event Viewer for the client.
- For the remediation servers, if I have SCCM, what can it do for the non-compliant clients? Can it update the antivirus or anti-spam, or install it if the client doesn't have it? Or will it require a user action?
- For UAG DirectAccess with NAP, shall I install both on one server? And if I want to implement other enforcements, will I do it on the same server or can I apply it on another server?
Wednesday, August 1, 2012 8:23 Owner
Look in Event Viewer under Custom Views\Server Roles\Network Policy and Access Services.
Check the events here to make sure your client is not matching the noncompliant policy or the non NAP-capable policy. If it is matching either of these then it is probably still given restricted access.
Wednesday, August 1, 2012 8:31
There are no events in the NPS server.
Wednesday, August 1, 2012 8:34
One more thing: I have the DHCP on the DC. Do I need to install the NPS service on the DC as well?
Wednesday, August 1, 2012 15:53 Owner
NPS must be installed on the same server with DHCP. I assume you are using DHCP enforcement here.
- Marked as answer by Greg Lindsay, Microsoft Employee, Owner, Friday, August 24, 2012 3:36
Thursday, August 2, 2012 23:07 Owner
You might want to read about NAP enforcement points (servers with NPS installed). http://technet.microsoft.com/en-us/library/dd125306(WS.10).aspx