locked
Setting up NAP in 2008 standard RRS feed

  • Question

  • We have a small domain network.  I have recently upgraded our DCs to Server 2008 standard.  The domain is still in Server 2003 functional level (i have one server 2003 dc in a remote site).  I have been trying to set up NAP based on the procedures in the Server 2008 administrator's companion book.  I hit a snag on publishing the 'System Health Administration' certificate template.  The template does not show in the 'Certificate Templates to Issue' dialogue.  I assume that this is because it is based on the 'Workstation Authentication' template which is a Server 2003, Enterprise edition certificate template, and i am on Standard.  I tried the procedure again using the Server 2008 version the certificate but it still does not show in the dialogue for publishing.  So my question is:  How do you set up NAP when you are running Server Standard? 
    Tuesday, August 5, 2008 3:31 PM

Answers

  • Hi,

    Bottom line is you can skip those procedures if you prefer.

    An enterprise version of Server is needed only if you plan to issue NAP exemption certificates with autoenrollment, or if you want to use an enterprise CA to issue health certificates. In the step by step guide, an enterprise CA is used to autoenroll NAP exemption certificates, but this isn't strictly necessary. Alternatively, you can issue an offline request or use Web enrollment to provision exemption certificates from a standalone CA. It's a little more complicated to use this method.

    To issue health certificates from a standalone CA, just follow the procedures in the step by step guide. Publishing a new template isn't necessary for this. You can skip the procedures to create a system health authentication template and create a NAP exemption group. These steps are just provided to demonstrate how to create a template that can be used to exempt computers from NAP, or potentially for use as a health certificate if you prefer to use an enterprise CA as a NAP CA.

    -Greg
    Wednesday, August 6, 2008 12:29 AM