Computers that do not meet the company's security policy often connect to the corporate network. Letting such computers obtain a TCP/IP configuration from the company's DHCP server and reach the corporate network poses a huge risk. With Windows Server 2008 Network Access Protection (NAP), we can control how these clients obtain their configuration from the DHCP server, and in that way control their access to the company's intranet. Below, I use my own deployment environment to demonstrate the deployment and testing of "NAP for DHCP"; I hope it helps.
Environment Description:
Ctocio: Windows Server 2008 DHCP Server, NAP Server
Test: Windows Vista Client
1. NAP Server Configuration
(1). Configure Health Policy Server
Log in to Ctocio as the administrator and click Start → Administrative Tools to open the Network Policy Server window. Expand NPS (Local) → Network Access Protection → System Health Validator, double-click Windows Security Health Validator in the content panel, and click Configure in the Windows Security Health Validator Properties dialog box. Under "Firewall", check only "Enable firewall for all network connections" and clear all other options (note that you don't need to clear "Windows Update"), then click "OK" to close the "Windows Security Health Validator Properties" dialog box. (Figure 1)
Figure 1 Windows Security Health Validator
Note that the "Windows Security Health Validator" is a System Health Validator (SHV) provided by Microsoft. It is mainly used to monitor the status of the Security Center on the client computer. If you want to monitor the security configuration of third-party products, you need to install an SHV developed by the relevant vendor.
(2). Configure update server group
In the right pane of the Network Policy Server window, under Network Access Protection, right-click Update Server Group and click New. In the dialog box that appears, enter "Windows Settings Update Server Group 1" as the "Group Name", click "Add", enter 192.168.1.1 under "IP Address or DNS Name", and then click "OK" twice. Note that the servers in this group should be the servers placed in the restricted network that clients use for patching, such as WSUS servers, virus database upgrade servers, and so on. (Figure 2)
Figure 2 New WSUS Server