NAP 802.1X DC in quarantine Zone

Question
In 802.1X NAP, every desktop that restarts remains in the quarantine zone unless the machine has started completely and the NAP service is up as well, which then brings the machine into the corp VLAN/zone.
Problem then is computer policy is never applied to machine. One solution is to have a DC in quarantine zone.
What is the recommended way to come across this?
Shahid Roofi, Thursday, December 16, 2010 7:52 PM
Answers
Hi Shahid,
Thanks for posting here.
You may consider deploying a Remediation Server in this scenario. For more information, please take a look at the links below:
Planning the Placement of a NAP Remediation Server
http://technet.microsoft.com/en-us/library/dd125378(WS.10).aspx
802.1X Enforcement Example
http://technet.microsoft.com/en-us/library/dd125336(WS.10).aspx
Thanks.
Tiger Li
TechNet Subscriber Support in forum
Marked as answer by Shahid Roofi, Monday, December 20, 2010 7:51 PM
Friday, December 17, 2010 4:51 AM -
Yes, thanks Tiger for the link.
Actually, what I've concluded is that it's required to have a DC in the quarantine zone as part of the remediation server group.
And that's a requirement in the case of 802.1X.
Shahid Roofi
Marked as answer by Shahid Roofi, Monday, December 20, 2010 7:51 PM
Monday, December 20, 2010 7:51 PM
All replies
Hi Shahid,
I am not following your question very well. What do you mean about "Problem then is computer policy is never applied to machine. One solution is to have a DC in quarantine zone."?
Regards
Qunshu
Thursday, December 16, 2010 8:02 PM -
I mean to say, the DC is in the corp zone/VLAN. Now, during the boot process of the machine, at the stage of applying computer settings, the computer is still in the quarantine zone without any DC in that zone/VLAN. Now, definitely, computer group policy cannot reach that computer. The computer is in the corp zone only long after that stage.
I hope you are now getting my point.
Shahid Roofi, Thursday, December 16, 2010 8:17 PM
Hi Shahid,
If there is any update on this issue, please feel free to let us know.
We are looking forward to your reply.
Tiger Li
TechNet Subscriber Support in forum
Monday, December 20, 2010 11:28 AM