Step by Step : Network Access Protection (NAP) Deployment in Windows Server 2012 R2 – Part 3 of 7 (Configure Network Policies)

July 20, 2014

This is Part 3 of 7 of my series on NAP: Configure Network Policies.

Before we get started, we need to understand a little about Network Policy Server (NPS) network policies.

NPS network policies perform multiple checks to verify whether different conditions about the remote access user and computer are met.

Based on the verification results, the NPS network policy allows or denies remote access.

If all NPS Network Policies are deleted, then remote access will be denied to users that are configured using NPS Network Policy, because there is no NPS Network Policy available to authorize them for remote access.

** Make sure you continue from the previous step, Step 2: Configure Health Policies.

1 – Open the Network Policy Server console, under Policies, click Network Policies, and then disable the two default policies found under Policy Name by right-clicking each policy and then clicking Disable.

2 – Right-click Network Policies, and then click New

3 – On the Specify Network Policy Name and Connection Type interface, in the Policy name box, type OSI-Compliant-Full-Access, and then click Next

4 – On the Specify Conditions interface, click Add

5 – In the Select condition dialog box, browse to Health Policies, and then double-click it…

6 – In the Health Policies interface, in the Health policies box, type OSI-Compliant, and then click OK

7 – On the Specify Conditions interface, click Next

8 – On the Specify Access Permission interface, click the Access Granted button, and then click Next

9 – On the Configure Authentication Methods interface, clear all check boxes but select the Perform machine health check only check box, and then click Next…

10 – On the Configure Constraints interface, click Next…

11 – On the Configure Settings interface, click NAP Enforcement. Verify that Allow full network access is selected, and then click Next…

12 – On the Completing New Network Policy interface, verify the Policy Conditions, and then click Finish…

13 – In the Network Policy Server console, verify that OSI-Compliant-Full-Access is listed under Policy Name…

14 – Right-click Network Policies, and then click New

15 – On the Specify Network Policy Name And Connection Type interface, in the Policy name box, type OSI-Noncompliant-Restricted, and then click Next

16 – On the Specify Conditions interface, click Add

17 – In the Select condition dialog box, double-click Health Policies

18 – In the Health Policies dialog box, in the Health policies box, type OSI-Noncompliant, and then click OK…

19 – On the Specify Conditions interface, click Next…

20 – On the Specify Access Permission interface, verify that Access granted is selected, and then click Next…

21 – On the Configure Authentication Methods interface, clear all check boxes but make sure you select the Perform machine health check only check box, and then click Next…

22 – On the Configure Constraints interface, just click Next to proceed…

23 – On the Configure Settings interface, click NAP Enforcement. Click Allow limited access and clear the Enable auto-remediation of client computers check box…

24 – Don’t click Next just yet, but click IP Filters, then click Input Filters

25 – On the Inbound Filters interface, click New

26 – In the Edit IP Filter dialog box, select Destination network, then in the IP address box, type 172.16.0.101, in the Subnet mask box, type 255.255.255.255, and then click OK

27 – On the Inbound Filters interface, click Permit only the packets listed below, and then click OK…

28 – Still in the New Network Policy interface, under IPv4, click Output Filters, and then click New

29 – On the Outbound Filters interface, click New

30 – In the Edit IP Filter dialog box, select Source network, in the IP address box, type 172.16.0.101, in the Subnet mask box, type 255.255.255.255, and then click OK…

31 – On the Outbound Filters interface, click Permit only the packets listed below, and then click OK…

32 – On the Configure Settings interface, click Next…

33 – On the Completing New Network Policy interface, click Finish

34 – On the Network Policy Server console, under Policy Name, verify that we have 2 policies listed…
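
The combined effect of the two policies and the IP filters from steps 1 to 34 can be checked with a small model. This is an added example, not NPS code and not part of the original walkthrough; it assumes the input filter applies to packets sent by the client and the output filter to packets sent to the client, and the client and second host addresses are constructed samples.

```python
# Simplified model of the two network policies built in steps 1-34 (not NPS code).
from ipaddress import ip_address, ip_network

# The only host named in the page's IP filters (steps 26 and 30).
ALLOWED = ip_network("172.16.0.101/255.255.255.255")

# Enabled network policies in processing order: (name, health policy, enforcement).
POLICIES = [
    ("OSI-Compliant-Full-Access", "OSI-Compliant", "full"),
    ("OSI-Noncompliant-Restricted", "OSI-Noncompliant", "limited"),
]

def authorize(health_policy, policies=POLICIES):
    """Return (policy name, enforcement) of the first matching policy.

    When no policy matches (for example, all were deleted) the request
    is rejected, which the model reports as (None, "deny").
    """
    for name, condition, enforcement in policies:
        if condition == health_policy:
            return name, enforcement
    return None, "deny"

def packet_allowed(enforcement, direction, src, dst):
    """Apply the 'Permit only the packets listed below' filters.

    direction "in"  = packet sent by the client (input filter, matches destination)
    direction "out" = packet sent to the client (output filter, matches source)
    """
    if enforcement == "deny":
        return False
    if enforcement == "full":
        return True
    checked = dst if direction == "in" else src
    return ip_address(checked) in ALLOWED

if __name__ == "__main__":
    client = "172.16.0.50"  # constructed sample client address
    for health in ("OSI-Compliant", "OSI-Noncompliant"):
        name, enf = authorize(health)
        for dst in ("172.16.0.101", "172.16.0.10"):  # second host is constructed
            print(health, name, dst, packet_allowed(enf, "in", client, dst))
```
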

We are done for now. In my next post, I will go step by step through Connection Request Policies for the VPN configuration…
