Network Access Protection (NAP)

Latest news from the Network Access Protection (NAP) team at Microsoft.

Network Access Protection (NAP)

  • Tool for migrating IAS configuration settings to NPS is now available!

    Configuration settings for the Internet Authentication Service (IAS) in Windows Server 2003 are stored in .MDB files. Configuration settings for Network Policy Server (NPS) in Windows Server 2008 are stored in .XML files. If you install Windows Server...
  • What other networking experts have written about NAP

    Greg Lindsay, our NAP product documentation writer, and I are not the only ones writing about NAP. NAP is also being described by Thomas Shinder and Brien M. Posey . Check out the following content by these industry experts. Thomas Shinder’s articles...
  • Network Access Protection (NAP) Deployment Planning

    The following blog post has been extracted from the "Network Access Protection Deployment Planning Guide", by Susie Bernard (March 2007). Introduction Whether your organization is small, medium, or large, deploying an enterprise software solution...
  • Enhance your 802.1x deployment security with MAC filtering

    Ever wanted to tighten the security to the point that only some machines are allowed access on 802.1x/Wireless network? Well here’s the solution, combine MAC filtering, with EAP Authentication and you get, User AND machine authentication all in one. ...
  • System Health Agents (SHAs) that are available from Microsoft

    Greetings, fellow disciples of NAP! Here is a summary of the different system health agents (SHAs) that are currently available from Microsoft. Note: The following text was shamelessly “leveraged” from our own Greg Lindsay’s upcoming Network Access...
  • The "RADIUS client is NAP-capable" check box

    When you create a new RADIUS client or modify the settings of an existing RADIUS client from the RADIUS Clients node of the Network Policy Server snap-in, there is a RADIUS client is NAP-capable check box. Here is an example. What is this check...
  • NAP 802.1X Configuration Walkthrough – Part 1

    I just got back from TechEd 2008 North America (Orlando) where I presented two “breakout” sessions on NAP . It went off with a bang and most people really loved the sessions / demos. I have blogged a couple times in the past that I would document exactly...
  • NAP clients for Linux and Macintosh are available

    NAP Clients for Linux and Macintosh are available from Avenda and UNETsystem, Inc. Avenda The Avenda Linux NAP Agent includes 802.1X enforcement, the Avenda System Health Agent (SHA), and the Avenda Linux NAP Agent System Health Validator (SHV)...
  • System Health Agents (SHAs) and System Health Validators (SHVs) that are available from NAP partners

    In my previous blog post, System Health Agents (SHAs) that are available from Microsoft , I described the SHAs (and their corresponding system health validators [SHVs]) that you can use with Windows Security Center in Windows Vista and Windows XP with...
  • NPS templates in Windows Server 2008 R2

    NPS templates, the flagship feature of NPS in Windows Server 2008 R2, provides a huge reduction in cost of ownership and deployment for all NPS environments. NPS templates separate common RADIUS configuration elements such as RADIUS shared secrets and...
  • NAP 802.1X Configuration Walkthrough – Part 2

    NAP 802.1X Configuration Walkthrough – Part 2 This is a continuation from Part 1 . Step 2 – Windows Server 2008 NPS, the heart of NAP I am going to take a slightly different approach than the 802.1X step-by-step guide . Feel free to follow...
  • What is NAP traffic?

    Here is a question posed by a member of the NAP community: · What new traffic will there be on the network when I deploy NAP? A NAP deployment can have the following additional sets of network traffic: · Traffic between the NAP client and the...
  • The Low Down on Configuration Manager NAP Remediation (SCCM + NAP)

    I’m Carol Bailey, Senior Technical Writer for System Center Configuration Manager 2007 (formally SMS 2003), and I’m involved with many of the security-related features in Configuration Manager – including Internet-based client management, desired configuration...
  • Debugging NAP Errors (part 1)

    I’ve heard from a lot of folks who set up NAP in a lab who would love to have more information on all the great data that Network Policy Server (NPS) writes into the audit log. If you haven’t checked out our auditing, go to Server Manager and click on the main node for our role (Network Policy and Access Services). You will see all related NAP server events at the top of the right hand pane. This will be part 1 in a series of “Debugging NAP” posts. I decided to kick it off by examining the messages / errors which come from our Windows Security Center NAP integration piece (included in XP SP3, Vista and Server 2008). It is called the Windows System Health Agent on the client (or WSHA) and the Windows System Health Validator on the server (or WSHV). ...
  • SHV Multi-Config in Windows Server 2008 R2

    In Windows Server 2008, a system health validator (SHV) installed on the NPS server can be configured in a single way. This works well if your system health requirements are the same for all of your NAP enforcement methods and all of your computers. However...
  • NPS pattern matching heaven in Windows Server 2008

    Greetings! Sam Salhi here from the Network Policy Server (NPS) team. One of NPS’s most powerful features is Pattern Matching. What makes it so powerful is the use of regular expressions when dealing with it. Here’s a little example. Suppose that...
  • How to install Cisco's EAP-FAST method, from the EAP product team

    The Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) EAP type from Cisco Systems, Inc. has been certified for compatibility with Windows Vista with Service Pack 1 and Windows Server 2008 and is now available from...
  • NAP 802.1X Configuration Walkthrough – Part 3

    This is a continuation from Part 1 and Part 2 . Step 3 – NAP Clients, it’s just too easy NAP can be configured from the command-line, the MMC (except on XP SP3) and of course Group Policy (GP). Since this is a workgroup scenario, I am going to...
  • NPS enhancements in Windows Server 2008 R2

    As you are already aware, the beta version of Windows Server 2008 R2 is now available to the public for beta testing. See http://www.microsoft.com/windowsserver2008/en/us/R2-Beta.aspx for more information and the link to download the beta. Here is...
  • Changes to the NAP user experience in Windows 7

    Windows 7 and Windows Server 2008 R2 are now available as public betas. In Windows 7, the NAP client user interface (UI) has been integrated into the Windows Action Center (previously known as the Windows Security Center). For example, Network Access...
  • Updated NAP SDK samples released

    Hi Windows 7 SDK RC has been released to the public. The web setup format can be accessed at http://www.microsoft.com/downloads/details.aspx?familyid=F75F2CA8-C1E4-4801-9281-2F5F28F12DBD&displaylang=en and the ISO format can be accessed at...
  • The no enforcement design for NAP

    Although NAP can be used to enforce restricted access for noncompliant NAP clients and non-NAP-capable clients, NAP can also be used to provide you with information about the overall level of health compliance on your network and correct system health...
  • New blog for the Windows Server User Assistance Networking writing team

    There is a new blog being published by the Windows Server User Assistance Networking (WSUAN) writing team: http://blogs.technet.com/wsnetdoc/default.aspx The IT Pro and Developer writers on the WSUAN writing team are using this blog to describe...
  • Auto-Provision your NAP clients with DNS!

    Well hello. I’m Gavin Carius, an Architect in Microsoft Australia. Jeff has been “inviting” me for some time to write about this cool thing in NAP we call “HRA Discovery” – so here goes my first NAP blog post! A great feature with NAP IPSec enforcement...
  • Five Ways to Draw More Value from Microsoft NAP Deployments

    Here is a guest posting from our NAP Partner Avenda Systems . When the founders of Avenda Systems decided to build a Policy Platform, one of the first stops included Microsoft. NAP was in the works and discussions with other industry experts...