Network Access Protection (NAP)

Latest news from the Network Access Protection (NAP) team at Microsoft.

NPS templates in Windows Server 2008 R2

NPS templates in Windows Server 2008 R2

  • Comments 1
  • Likes

NPS templates, the flagship feature of NPS in Windows Server 2008 R2, provides a huge reduction in cost of ownership and deployment for all NPS environments. NPS templates separate common RADIUS configuration elements such as RADIUS shared secrets and RADIUS clients from the configuration running on the server. When referenced, the NPS setting inherits the values configured in the specified template. A change in the template changes the corresponding value in all of the places in which the template is referenced. For example, a single RADIUS shared secret template can be referenced for multiple RADIUS clients and remote RADIUS servers. When you change the RADIUS shared secret template, the change is inherited by all of the RADIUS clients and remote RADIUS servers in which that RADIUS shared secret template is referenced.

You can also use NPS templates to assist in configuration with referencing them. For example, you can create a RADIUS client template that contains common settings (such as the vendor type or shared secret) for a specific group of RADIUS clients (such as all wireless APs from a specific vendor). When you create a new RADIUS client, you can select the RADIUS client template to obtain the common settings. When you unselect the template, the inherited settings remain and you can configure individual settings, such as the RADIUS client’s IP address.

Note  Template settings are not supported by commands in the netsh nps context. Using netsh nps commands will remove the reference to the template and change the configuration element specified in the command.

NPS template settings can also be easily migrated and synchronized across multiple NPS servers.

The following types of configuration elements use templates:

·         RADIUS shared secret

·         RADIUS clients

·         Remote RADIUS servers

·         IP filters

·         Health policies

·         Remediation server groups

You can configure templates for these configuration elements from the Templates Management node of the Network Policy Server snap-in. The following figure shows an example.

Templates in the new NPS snap-in

For a larger version of this figure, click here.

Individual templates can be added, edited, duplicated, or deleted. After they are configured, they can be referenced and de-referenced in the appropriate dialog boxes in the Network Policy Server snap-in.

The following table lists the different types of templates and where they are used in the Network Policy Server snap-in.

Template

Where it is used

RADIUS shared secret

When creating or configuring RADIUS clients, remote RADIUS server group members, RADIUS client templates, or remote RADIUS server templates

RADIUS clients

When creating or configuring RADIUS clients

Remote RADIUS servers

When creating or configuring remote RADIUS server group members

IP filters

When configuring IP Filters settings for a network policy

Health policies

When creating or configuring health policies

Remediation server groups

When creating or configuring remediation server groups

NAP Product Team

Comments
  • In a previous NAP blog entry , we described the new NPS templates feature in Windows Server 2008 R2.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment