Network Access Protection (NAP)

Latest news from the Network Access Protection (NAP) team at Microsoft.

Network Access Protection (NAP)

  • Network Access Protection (NAP) Deployment Planning

    The following blog post has been extracted from the "Network Access Protection Deployment Planning Guide", by Susie Bernard (March 2007). Introduction Whether your organization is small, medium, or large, deploying an enterprise software solution...
  • Tool for migrating IAS configuration settings to NPS is now available!

    Configuration settings for the Internet Authentication Service (IAS) in Windows Server 2003 are stored in .MDB files. Configuration settings for Network Policy Server (NPS) in Windows Server 2008 are stored in .XML files. If you install Windows Server...
  • System Health Agents (SHAs) that are available from Microsoft

    Greetings, fellow disciples of NAP! Here is a summary of the different system health agents (SHAs) that are currently available from Microsoft. Note: The following text was shamelessly “leveraged” from our own Greg Lindsay’s upcoming Network Access...
  • Enhance your 802.1x deployment security with MAC filtering

    Ever wanted to tighten the security to the point that only some machines are allowed access on 802.1x/Wireless network? Well here’s the solution, combine MAC filtering, with EAP Authentication and you get, User AND machine authentication all in one. ...
  • NAP 802.1X Configuration Walkthrough – Part 1

    I just got back from TechEd 2008 North America (Orlando) where I presented two “breakout” sessions on NAP . It went off with a bang and most people really loved the sessions / demos. I have blogged a couple times in the past that I would document exactly...
  • The "RADIUS client is NAP-capable" check box

    When you create a new RADIUS client or modify the settings of an existing RADIUS client from the RADIUS Clients node of the Network Policy Server snap-in, there is a RADIUS client is NAP-capable check box. Here is an example. What is this check...
  • What other networking experts have written about NAP

    Greg Lindsay, our NAP product documentation writer, and I are not the only ones writing about NAP. NAP is also being described by Thomas Shinder and Brien M. Posey . Check out the following content by these industry experts. Thomas Shinder’s articles...
  • NAP clients for Linux and Macintosh are available

    NAP Clients for Linux and Macintosh are available from Avenda and UNETsystem, Inc. Avenda The Avenda Linux NAP Agent includes 802.1X enforcement, the Avenda System Health Agent (SHA), and the Avenda Linux NAP Agent System Health Validator (SHV)...
  • System Health Agents (SHAs) and System Health Validators (SHVs) that are available from NAP partners

    In my previous blog post, System Health Agents (SHAs) that are available from Microsoft , I described the SHAs (and their corresponding system health validators [SHVs]) that you can use with Windows Security Center in Windows Vista and Windows XP with...
  • Changes to the NAP user experience in Windows 7

    Windows 7 and Windows Server 2008 R2 are now available as public betas. In Windows 7, the NAP client user interface (UI) has been integrated into the Windows Action Center (previously known as the Windows Security Center). For example, Network Access...
  • NPS templates in Windows Server 2008 R2

    NPS templates, the flagship feature of NPS in Windows Server 2008 R2, provides a huge reduction in cost of ownership and deployment for all NPS environments. NPS templates separate common RADIUS configuration elements such as RADIUS shared secrets and...
  • NAP 802.1X Configuration Walkthrough – Part 2

    NAP 802.1X Configuration Walkthrough – Part 2 This is a continuation from Part 1 . Step 2 – Windows Server 2008 NPS, the heart of NAP I am going to take a slightly different approach than the 802.1X step-by-step guide . Feel free to follow...
  • NAP Virtual Lab now available on Microsoft.com

    Hi everyone, I’m happy to announce that we’ve added a NAP Virtual Lab to the NAP Events and Webcasts . This is an IPsec enforcement lab using a Windows Server 2003 DC, Windows Server 2008 Beta 3 Network Policy Server (NPS), and two Vista clients...
  • The Low Down on Configuration Manager NAP Remediation (SCCM + NAP)

    I’m Carol Bailey, Senior Technical Writer for System Center Configuration Manager 2007 (formally SMS 2003), and I’m involved with many of the security-related features in Configuration Manager – including Internet-based client management, desired configuration...
  • What is NAP traffic?

    Here is a question posed by a member of the NAP community: · What new traffic will there be on the network when I deploy NAP? A NAP deployment can have the following additional sets of network traffic: · Traffic between the NAP client and the...
  • Debugging NAP Errors (part 1)

    I’ve heard from a lot of folks who set up NAP in a lab who would love to have more information on all the great data that Network Policy Server (NPS) writes into the audit log. If you haven’t checked out our auditing, go to Server Manager and click on the main node for our role (Network Policy and Access Services). You will see all related NAP server events at the top of the right hand pane. This will be part 1 in a series of “Debugging NAP” posts. I decided to kick it off by examining the messages / errors which come from our Windows Security Center NAP integration piece (included in XP SP3, Vista and Server 2008). It is called the Windows System Health Agent on the client (or WSHA) and the Windows System Health Validator on the server (or WSHV). ...
  • NAP 802.1X Configuration Walkthrough – Part 3

    This is a continuation from Part 1 and Part 2 . Step 3 – NAP Clients, it’s just too easy NAP can be configured from the command-line, the MMC (except on XP SP3) and of course Group Policy (GP). Since this is a workgroup scenario, I am going to...
  • SHV Multi-Config in Windows Server 2008 R2

    In Windows Server 2008, a system health validator (SHV) installed on the NPS server can be configured in a single way. This works well if your system health requirements are the same for all of your NAP enforcement methods and all of your computers. However...
  • Auto-Provision your NAP clients with DNS!

    Well hello. I’m Gavin Carius, an Architect in Microsoft Australia. Jeff has been “inviting” me for some time to write about this cool thing in NAP we call “HRA Discovery” – so here goes my first NAP blog post! A great feature with NAP IPSec enforcement...
  • NPS pattern matching heaven in Windows Server 2008

    Greetings! Sam Salhi here from the Network Policy Server (NPS) team. One of NPS’s most powerful features is Pattern Matching. What makes it so powerful is the use of regular expressions when dealing with it. Here’s a little example. Suppose that...
  • My review of Information Week’s “Rolling Review: Microsoft NAP”

    Greetings, keepers of the NAP flame! On August 2, Information Week published an article titled “ Rolling Review: Microsoft NAP .” I would like to comment on it on behalf of the NAP product team and add technical clarity where I can. 1. Opening paragraph...
  • NPS enhancements in Windows Server 2008 R2

    As you are already aware, the beta version of Windows Server 2008 R2 is now available to the public for beta testing. See http://www.microsoft.com/windowsserver2008/en/us/R2-Beta.aspx for more information and the link to download the beta. Here is...
  • How to install Cisco's EAP-FAST method, from the EAP product team

    The Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) EAP type from Cisco Systems, Inc. has been certified for compatibility with Windows Vista with Service Pack 1 and Windows Server 2008 and is now available from...
  • NPS/NAP Logging - BSU.EDU style!

    Hey NAP fans, I’m Alex Chalmers from Ball State University with a guest post about NPS logging. If you made it to one of Jeff’s TechEd IT Pro presentations , you’ll remember me discussing our NAP implementation and some of the challenges that we’ve...
  • What is the NAP client doing?

    Greetings, Guardians of NAPness! Here is an interesting question about NAP client behavior that was posed by a fellow NAP fan: How does a NAP client communicate a change in health state and get reevaluated and what sort of ongoing traffic is there...