Beginning with NAP

  • Question

  • Hi,

    I administer a Windows 2016 domain with three branch offices and a CPD in another location. All users are in the branch offices.

    We have 3 sites. Site 1 is for Branch 1, Site 2 for Branch 2 and Site 3 for central CPD and Branch 3.

    All users and computers belong to the domain, and we have a McAfee ePO server for antivirus and WSUS for Windows Updates.

    We receive external workers all the time in every branch office. They have domain users for accessing servers and resources in the domain, but their computers don't belong to the domain.

    We want to implement a NAP solution, so that when a computer plugs into the network and a user tries to access the domain in some way (RDP connection, SMB connection or whatever way it establishes a connection to the domain), we can check whether it is a secure computer (i.e., updated antivirus and Windows). If not, take it to a network place where it can solve the non-compliances, and when it fulfills the requests, then be granted access.

    I know the concept, but I don't know how to put it to work. I don't want a RADIUS server for remote access and things like that. I just need to know how many servers I need, with which roles each, where they need to be placed, how exactly to give computers access to the remediation servers, and how all this mixes with the current infrastructure.

    I have found theoretical documentation on the Microsoft site, but no hands-on, practical information about this.

    Hope you can help me with this.



    Thursday, April 16, 2020 11:08 AM

Answers

  • Hi,

    In fact, NAP was deprecated in Windows Server 2012 R2; NAP is not supported in Windows 10 and is also not available in Windows Server 2016.

    Based on my research, the approach that comes closest is Mobile Device Management (MDM) and applying AV policies and Windows Update policies using System Center Configuration Manager.

    Here is a similar thread discussed before, please see:

    NAP in windows server 2016

    I also found an earlier article discussing how to build NAP, you could take a look:

    Configuring Windows Firewall and Network Access Protection

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Candy



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 17, 2020 8:45 AM
    Moderator

All replies

  • Hi,

    Please understand that customized deployment of large environments is beyond the scope of the forum.

    Given the complexity of your environment, we always suggest you open an advisory case with the Microsoft Premier support team. In this way, they can get a clear picture of your requirements and your environment through phone communication and a live share session.

    Thank you for your understanding.

    For more information about our Premier support, please see:

    https://www.microsoft.com/en-us/microsoftservices/support.aspx

    Best Regards,

    Candy



    Friday, April 17, 2020 8:08 AM
    Moderator
  • Thanks, I know it is a complex situation, but I don't need a complete solution from the forum.

    I cannot afford to open a case. I just need some guidance. A kind of simple how-to scenario as a starting point. Once I have the basis, I can build a laboratory in which to expand complexity.

    Things like, for example, Windows 8 clients have a NAP client which reports health status to the NAP server, but Windows 10 doesn't. How can Windows 10 clients be managed?

    Friday, April 17, 2020 8:14 AM
  • Well, thank you. If NAP is not supported in Windows 10, nothing else can be done. Let's see if the customer wants to pay for MDM and SCCM.

    Friday, April 17, 2020 10:26 AM