locked
Enforcement of WSUS using NAP RRS feed

  • Question

  •  

    hello there,

     

    i have a question, and i am not able to find a clear answer for it on the web.

     

    i am considering implementing a Windows 2008 NAP server in order to control the WIFI access, however, i need to enforce the WSUS update from a local WSUS server to all the clients who are not complaint to the policy

     

    can i do this through NAP or i need to develp a portal or something like that to direct the users to my local wsus.

     

    just a small note aside, the users are not member of the AD domain.

     

    thanks a lot in advance

    cheers

    oscar

     

    Thursday, February 28, 2008 5:07 PM

Answers

  • Hi Oscar,

     

    I think this should work with a certificate for authentication if you change the authentication settings in connection request policy.

     

    -Greg

     

    Sunday, March 2, 2008 4:34 PM

All replies

  • Hi Oscar,

     

    NAP can do this, but I don't think you can use 802.1X enforcement unless the clients authenticate to a domain. You can use DHCP enforcement or IPsec enforcement after the clients connect via wireless. Either of these methods can be configured to enforce security updates from WSUS using the built-in SHA/SHV.

     

    -Greg

    Friday, February 29, 2008 7:02 AM
  •  

    hello Greg,

     

    thanks very much for ur feedback

     

    you mean that i can not use the NAP enforcement for WSUS since it uses something like GPO!!

     

    what if i use certificate for the 802.1x authentication!!

     

    waiting for your feedback,

    best regards,

     

    oscar

     

    Friday, February 29, 2008 8:33 AM
  • Hi Oscar,

     

    I think this should work with a certificate for authentication if you change the authentication settings in connection request policy.

     

    -Greg

     

    Sunday, March 2, 2008 4:34 PM