compliant computer or Non compliant computer in NAP

  • Question

  • Hello,

    I have set up NAP, and my client is able to access the network.

    But I have set up a Network Policy and a Health Policy as well.

    As they are set up, without the firewall turned on, a user will not be able to access our network.

    But our users can still access our network.

    I want to know whether my client computers are compliant or noncompliant.

    How do I know?

    Please advise. Thank you


    www.aniyanetworks.net

    Monday, December 16, 2013 6:26 PM

All replies

  • Hello,

    In order for a noncompliant computer to be restricted, it must match the noncompliant policy on NPS and the noncompliant policy must be configured to restrict access.

    First, make sure you have created the policies on NPS. Use the NAP wizard for this.

    On NPS, look in Event Viewer at Custom Views\Server Roles\Network Policy and Access Services. There will be an event that tells you what policy was matched by the client. You will see the client name.

    On the client you can also type "netsh nap client show state" at a command prompt, or type "napstat" at a command prompt. If the computer is not restricted it will say "Not restricted" next to Restriction state.

    If the client is not matching the correct policy on NPS, it will probably not be restricted.

    Thanks,

    -Greg

    Tuesday, December 17, 2013 12:49 AM
  • Hello Greg,

    Thanks for your reply,

    Yes, I have 3 categories of policies under NPS Policies.

    In Connection Request Policies > NAP Wireless Connection Policies

    In Network Policies we have > NAP Wireless Connection (Compliant)

    NAP Wireless Connection (nonCompliant)

    And in Health Policies we have NAP Secure Wireless (Compliant)

    and NAP Secure Wireless (nonCompliant)

    and WSHV- Default Configuration

    All of them are set correctly, I guess.

    But my client can still access the network, although the network should reject the connection because the firewall is turned off.

    And when I tried to follow your command I got this message, but my client NAPA service was running.

     C:\Windows\system32>netsh nap client show state
    The "Network Access Protection Agent" service is not running.

    And when I ran the command "napstat", nothing came up.

    Do I need to configure anything in SCCM 2012? Please advise.

    Thank you


    www.aniyanetworks.net

    Tuesday, December 17, 2013 3:19 PM
  • Hello,

    The problem is with the NAP client computer. You must start the NAP agent and enable the enforcement client.

    Have you read the documentation? Please see http://technet.microsoft.com/library/dd314156.aspx

    Basically, you need to:

    1) Start NAP agent on the client computer.

    - you can do this using Group Policy or locally.

    2) Enable the EAP quarantine enforcement client.

    - you can do this using Group Policy or locally.

    The link above will tell you how to configure these settings in Group Policy.

    http://technet.microsoft.com/library/dd314182.aspx

    http://technet.microsoft.com/library/dd314159.aspx

    http://technet.microsoft.com/library/dd314162.aspx

    -Greg

    Friday, December 20, 2013 5:54 AM
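
The two client-side steps from the last reply, followed by the state check from the first reply, as an added example that is not part of the original thread. It assumes local configuration from an elevated PowerShell prompt on the NAP client; the service name `napagent` and the EAP enforcement client ID `79623` do not appear in the thread.

```powershell
# Added example. Run from an elevated PowerShell prompt on the NAP client.
# Assumptions (not from the thread): service name 'napagent',
# EAP quarantine enforcement client ID 79623.
$svcName = 'napagent'
$eapEcId = 79623

# Step 1: start the NAP agent and make it start automatically after a reboot.
Set-Service -Name $svcName -StartupType Automatic
Start-Service -Name $svcName
(Get-Service -Name $svcName).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))

# Step 2: enable the EAP quarantine enforcement client, then restart the agent
# so that it loads the new configuration.
& netsh nap client set enforcement "id=$eapEcId" admin=enable
if ($LASTEXITCODE -ne 0) { throw "netsh failed to enable enforcement client $eapEcId" }
Restart-Service -Name $svcName

# Step 3: read the client state back.
$state = & netsh nap client show state
if ($state -match 'is not running') {
    throw 'The Network Access Protection Agent service is still not running.'
}

# "Restriction state" shows whether NPS has restricted this client.
$state | Select-String -Pattern 'Restriction state'

# Show the EAP enforcement client's block; it should report as initialized.
# Assumption: the block starts at its "Id" line and spans the next few lines.
$state | Select-String -Pattern "=\s*$eapEcId\s*$" -Context 0,6
```

After the client reconnects, the NPS event described in the first reply shows which network policy it matched.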