windows server 2008 NAP Clients

  • Question

  • Hi all,

    I have configured NAP DHCP enforcement in a lab. It works fine and the user is isolated to only the remediation server, but when I want to test if the client is compliant by removing the compliance settings from the Windows Security Health Validator, it is still restricted to the remediation servers. Although I renew the IP and restart, it is still the same.

    Any help?

    Thanks


    Tarek Khairy

    Tuesday, July 31, 2012 11:14 AM

Answers

  • Hi Tarek,

    NPS must be installed on the same server with DHCP. I assume you are using DHCP enforcement here.

    -Greg

    Wednesday, August 1, 2012 3:53 PM

All replies

  • Hi all,

    I want to implement NAP and I'm confused about what enforcements to use.

    I don't have IPsec implemented in my environment and I want to use NAP with UAG DirectAccess. I want to know what the best enforcement is and how to implement it, and if I use UAG DirectAccess, do I still need VPN?

    Thanks


    Tarek Khairy

    Tuesday, July 31, 2012 7:37 AM
  • Hi Tarek,

    Thanks for posting here.

    Could we first try to manually restart the NAP Agent service on the client and see how it goes?

    Net stop napagent

    Net start napagent

    Meanwhile, do we have any errors or warnings on the client?

    Fixing Remediation Problems

    http://technet.microsoft.com/en-us/library/dd348520(WS.10).aspx

    IPsec enforcement is the option we have in DA deployment:

    Planning Forefront UAG DirectAccess with Network Access Protection (NAP)

    http://technet.microsoft.com/en-us/library/ee809068.aspx

    Thanks.

    Tiger Li

    TechNet Community Support

    Wednesday, August 1, 2012 4:40 AM
  • Thanks for the reply. I tried to stop and start the napagent service but the problem is still the same. I configured the router option as described in the article above; still the same. Actually, I configured the NAP remediation server as my DHCP so the client can reach the DHCP server, but I don't know why the policy is still applied after I removed the settings from the Windows Security Health Validator. I even removed it for the XP clients, while I have only Windows 7 clients.

    - There are no errors in the Event Viewer for the client.

    - For the remediation servers, if I have SCCM, what can it do for the non-compliant clients? Can it update the antivirus or anti-spam, or install it if the client doesn't have it? Or will it require a user action?

    - For UAG DirectAccess with NAP, shall I install both on one server? And if I want to implement other enforcements, will I do it on the same server or can I apply it on another server?

    Thanks


    Tarek Khairy

    Wednesday, August 1, 2012 7:47 AM
  • Hi,

    Look in Event Viewer under Custom Views\Server Roles\Network Policy and Access Services.

    Check the events here to make sure your client is not matching the noncompliant policy or the non NAP-capable policy. If it is matching either of these then it is probably still given restricted access.

    -Greg

    Wednesday, August 1, 2012 8:23 AM
  • There are no events in the NPS server.

    Tarek Khairy

    Wednesday, August 1, 2012 8:31 AM
  • One more thing: I have the DHCP on the DC. Do I need to install the NPS service on the DC as well?

    Tarek Khairy

    Wednesday, August 1, 2012 8:34 AM
  • Hi Tarek,

    NPS must be installed on the same server with DHCP. I assume you are using DHCP enforcement here.

    -Greg

    Wednesday, August 1, 2012 3:53 PM
  • You might want to read about NAP enforcement points (servers with NPS installed).

    http://technet.microsoft.com/en-us/library/dd125306(WS.10).aspx
    Thursday, August 2, 2012 11:07 PM