none
Which supported Server for NAP

    Pregunta

  • Hi,

    i'm confused a little bit as i found some articles says that NAP is deprecated, so please i need to know which os and clients supported .

    Thanks 

    viernes, 30 de marzo de 2018 16:22

Respuestas

  • Hi Ahmed,

    I'm getting this from the official documentaion for NAP https://msdn.microsoft.com/en-us/library/windows/desktop/aa369712%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

    The Network Access Protection platform is not available starting with Windows 10.

    The NAP platform requires NAP infrastructure servers running Windows Server 2008 or later and NAP clients running Windows XP with Service Pack 3 (SP3), Windows Vista, or later operating systems.

    Regards

    Simon


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful. Regards Simon Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    • Marcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 17:06
    viernes, 30 de marzo de 2018 16:29
  • Hi,

    The NAP is deprecated in Windows server 2012 R2 and not supported on Windows 2016, to get more details about NAP and supported OS , see the following link:  

    NAP and OS 


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    • Marcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 17:06
    viernes, 30 de marzo de 2018 16:36
  • Hi Ahmed,

    Thanks for your question.

    I agree with Simon and Thameur’s above clarification. NAP is deprecated in Windows server 2012 R2 and not supported on Windows 2016, and is not available starting with Windows 10. More detailed information, please refer to the following link:

    https://docs.microsoft.com/fr-fr/windows-server/networking/technologies/dhcp/what-s-new-in-dhcp

    Furthermore, NAP clients can be members of an Active Directory domain or they can be non-domain-joined computers. Support for non-domain-joined computers varies, depending on the type of enforcement method you use. For more information about support for NAP client computers in domain and non-domain-joined environments. More information, please refer to the following article:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754803%28v%3dws.10%29

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd125301(v=ws.10)

    Hope above information helpful.

    Highly appreciate your effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards, 

    Michael 


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marcado como respuesta Ahmed_Essam lunes, 2 de abril de 2018 11:22
    lunes, 2 de abril de 2018 3:28
  • Hi Ahmed,

    Thanks for your update.

    If the client is not part of the domain, then your server will not have any rights to remediate if it doesn't comply.  Also, if it is not a member of the domain, then the server can not check the said client to see if it does comply because it doesn't have management access to the device.

    One of the services that can be well-integrated with NAP and support for non-domain members is DHCP.

    Regarding NAP with DHCP, please refer to the following article,

    http://blog.windowsserversecurity.com/2011/04/18/network-access-protection-with-dhcp-step-by-step-guide/

    Reference link:

    https://www.microsoftpressstore.com/articles/article.aspx?p=2224362&seqNum=3

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope above information can help you.

    Highly appreciate your effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 15:00
    • Desmarcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 21:14
    • Marcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 21:15
    martes, 3 de abril de 2018 9:42

Todas las respuestas

  • Hi Ahmed,

    I'm getting this from the official documentaion for NAP https://msdn.microsoft.com/en-us/library/windows/desktop/aa369712%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

    The Network Access Protection platform is not available starting with Windows 10.

    The NAP platform requires NAP infrastructure servers running Windows Server 2008 or later and NAP clients running Windows XP with Service Pack 3 (SP3), Windows Vista, or later operating systems.

    Regards

    Simon


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful. Regards Simon Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    • Marcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 17:06
    viernes, 30 de marzo de 2018 16:29
  • Hi,

    The NAP is deprecated in Windows server 2012 R2 and not supported on Windows 2016, to get more details about NAP and supported OS , see the following link:  

    NAP and OS 


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    • Marcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 17:06
    viernes, 30 de marzo de 2018 16:36
  • Thanks so much for your help, I've read that i have to enable network access protection agent on client computer and i can done this using group policy, but what about non-domain joined computers 

    thanks again

     
    sábado, 31 de marzo de 2018 17:25
  • Hi Ahmed,

    Thanks for your question.

    I agree with Simon and Thameur’s above clarification. NAP is deprecated in Windows server 2012 R2 and not supported on Windows 2016, and is not available starting with Windows 10. More detailed information, please refer to the following link:

    https://docs.microsoft.com/fr-fr/windows-server/networking/technologies/dhcp/what-s-new-in-dhcp

    Furthermore, NAP clients can be members of an Active Directory domain or they can be non-domain-joined computers. Support for non-domain-joined computers varies, depending on the type of enforcement method you use. For more information about support for NAP client computers in domain and non-domain-joined environments. More information, please refer to the following article:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754803%28v%3dws.10%29

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd125301(v=ws.10)

    Hope above information helpful.

    Highly appreciate your effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards, 

    Michael 


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marcado como respuesta Ahmed_Essam lunes, 2 de abril de 2018 11:22
    lunes, 2 de abril de 2018 3:28
  • Thanks Michael,

    the provided links is very informative, but i couldn't find the part of configure non-domain computers to use NAP 

    thanks again for your help 

    lunes, 2 de abril de 2018 11:24
  • Hi Ahmed,

    Thanks for your update.

    If the client is not part of the domain, then your server will not have any rights to remediate if it doesn't comply.  Also, if it is not a member of the domain, then the server can not check the said client to see if it does comply because it doesn't have management access to the device.

    One of the services that can be well-integrated with NAP and support for non-domain members is DHCP.

    Regarding NAP with DHCP, please refer to the following article,

    http://blog.windowsserversecurity.com/2011/04/18/network-access-protection-with-dhcp-step-by-step-guide/

    Reference link:

    https://www.microsoftpressstore.com/articles/article.aspx?p=2224362&seqNum=3

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope above information can help you.

    Highly appreciate your effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 15:00
    • Desmarcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 21:14
    • Marcado como respuesta Ahmed_Essam martes, 3 de abril de 2018 21:15
    martes, 3 de abril de 2018 9:42
  • Thanks so much for your help

    Final question

    In System health Validators (SHV), there's an option for antivirus is installed and up to date, this option applied for non-microsoft antivirus such as Symantec endpoint or applied for system center endpoint protection and windows defender only

    martes, 3 de abril de 2018 15:04