-
Hi
The RTM release of SDK samples for Windows 7 is now available for download. The samples can be downloaded in ISO format or Web Setup format. This release contains some updates to the NAP SDK samples over the Win7 SDK samples RC release.
Thanks
Ravi
-
The Cable Guy article in the June 2009 issue of TechNet Magazine online, titled “NAP on the Internet,” is now available. Network Access Protection (NAP) on the Internet is an extension of the Internet Protocol security (IPsec) enforcement method to include mobile computers that are connected to the Internet. Learn how you can use NAP on the Internet to evaluate and automatically correct system health on your managed and roaming computers.
For a listing of the most recent The Cable Guy articles, click here.
NAP Product Team
-
Hi
Windows 7 SDK RC has been released to the public. The web setup format can be accessed at http://www.microsoft.com/downloads/details.aspx?familyid=F75F2CA8-C1E4-4801-9281-2F5F28F12DBD&displaylang=en
and the ISO format can be accessed at http://www.microsoft.com/downloads/details.aspx?FamilyID=6db1f17f-5f1e-4e54-a331-c32285cdde0c&displaylang=en. This release contains the revised NAP SDK samples for win 7 SDK RC release.
Thanks
Ravi
-
Hey NAP Fans!
If you are attending TechEd 2009 in Los Angeles this week, be sure to stop by the NAP booth in the Microsoft Technical Learning Center (TLC). It is a great opportunity to meet and speak with NAP team members and learn about some of the enhancements and new scenarios in Windows® 7 and Windows® Server 2008 R2.
Also there are at least two breakout sessions that would be useful for anyone interested in learning more about NAP deployments. Both are on Friday May 15th:
WSV206 Windows Clients and Windows Server 2008 NAP: Why They Are Better Together
Presenter: Jay Ferron
Fri 5/15 | 9:00 AM-10:15 AM | Room 502A
WSV305 Deploying NAP: Best Practices and Lessons Learned
Presenters: Venkatesh Gopalakrishnan, Lambert Green
Fri 5/15 | 2:45 PM-4:00 PM | Room 403B
Hope to see you there,
The NAP Team
-
There is a new blog being published by the Windows Server User Assistance Networking (WSUAN) writing team:
http://blogs.technet.com/wsnetdoc/default.aspx
The IT Pro and Developer writers on the WSUAN writing team are using this blog to describe the improvements that they are making to networking documentation for Windows Server and to share technical tips and tricks.
Check it out.
The NAP Product Team
-
In Windows Server 2008, a system health validator (SHV) installed on the NPS server can be configured in a single way. This works well if your system health requirements are the same for all of your NAP enforcement methods and all of your computers. However, some deployments require different sets of health requirements for different enforcement methods and different groups of computers. For example, you might want to specify that desktop computers must have their anti-virus software enabled and VPN-connected computers must have their anti-virus software enabled and signature file up-to-date.
In Windows Server 2008 R2, the NAP platform supports SHVs in multiple configurations to support these more advanced configurations, a feature known as SHV multi-config. Existing SHVs must be updated to take advantage of this new feature and new SHVs should be written to use this feature. The Windows Security Health Validator (WSHV) provided with Windows Server 2008 R2 supports SHV multi-config. For more information, see the new INapComponentConfig3 API at http://msdn.microsoft.com/en-us/library/dd392506(VS.85).aspx.
To see the SHV multi-config support for the WSHV, use the Network Policy Server snap-in and open Network Access Protection-System Health Validators-Windows System Health Validator-Settings. The following figure shows an example.
For a larger version of this figure, click here.
There is a default configuration that you can configure if you only need a single configuration of the WSHV settings. This default configuration cannot be deleted or renamed. When you create health requirement policies with the NAP wizard, it will configure your health policies to use this default configuration.
To create another configuration for the WSHV, do the following:
1. Right-click Settings, and then click New.
2. In the Configuration Friendly Name dialog box, type a name for the new configuration, and then click OK.
3. In the Windows Security Health Validator dialog box, specify the system health requirements and then click OK.
The following figure shows an example of a new WSHV configuration with the name WSHV Settings for DHCP.
For a larger version of this figure, click here.
To specify the use of a non-default configuration for the WSHV in the Network Policy Server snap-in, open Policies-Health Policies, and then double-click the name of the health policy that you want to modify. On the Settings tab, in the SHVs used in this health policy list, click the drop-down arrow in the Setting column for the Windows Security Health Validator SHV to see a list of configurations. The following figure shows an example.
Click the desired configuration of the WSHV, and then click OK.
NAP Product Team
-
Heads up NAP and NPS fans!
This Thursday continues our series of online chats on Technet. Here is the description:
Microsoft’s Network Access Protection (NAP) with Network Policy Server (NPS) Open Forum
Join the NAP and NPS experts for a live chat session. Use this time to ask questions about the NAP platform or NPS and provide your feedback and thoughts on the product. This is your chance to speak directly with the experts. You can learn more at http://www.microsoft.com/nap.
March 26, 2009
1:00 - 2:00 P.M. Pacific Time
You can join the chat from http://technet.microsoft.com/en-us/cc719754.aspx.
Hope to see you there!
NAP Product Team
-
In a previous NAP blog entry, we described the new NPS templates feature in Windows Server 2008 R2. In this blog entry, we show an example of using a template for a RADIUS shared secret.
Templates for RADIUS shared secrets allow users to specify a shared secret that can be reused when configuring RADIUS clients and remote RADIUS servers in the Network Policy Server snap-in. To create and use a RADIUS shared secret template, do the following:
1. From the Network Policy Server snap-in, open the Templates Management node.
2. In the console tree, right-click Shared Secrets, and then click New.
3. In Template Name, type a name for the shared secret template, and then either manually specify the shared secret or have NPS automatically generate one.
4. Click OK to save changes.
To use the RADIUS shared secret template, configure a RADIUS client, a remote RADIUS server, or a remote RADIUS server template and specify the template name for the shared secret, rather than manually configuring a shared secret or having NPS generate one. The following figure shows an example.
To view which RADIUS clients, remote RADIUS servers, and remote RADIUS server templates use a specific RADIUS shared secret template, right click the name of the RADIUS shared secret template, and then click View Usage.
NAP Product Team
-
NPS templates, the flagship feature of NPS in Windows Server 2008 R2, provides a huge reduction in cost of ownership and deployment for all NPS environments. NPS templates separate common RADIUS configuration elements such as RADIUS shared secrets and RADIUS clients from the configuration running on the server. When referenced, the NPS setting inherits the values configured in the specified template. A change in the template changes the corresponding value in all of the places in which the template is referenced. For example, a single RADIUS shared secret template can be referenced for multiple RADIUS clients and remote RADIUS servers. When you change the RADIUS shared secret template, the change is inherited by all of the RADIUS clients and remote RADIUS servers in which that RADIUS shared secret template is referenced.
You can also use NPS templates to assist in configuration with referencing them. For example, you can create a RADIUS client template that contains common settings (such as the vendor type or shared secret) for a specific group of RADIUS clients (such as all wireless APs from a specific vendor). When you create a new RADIUS client, you can select the RADIUS client template to obtain the common settings. When you unselect the template, the inherited settings remain and you can configure individual settings, such as the RADIUS client’s IP address.
Note Template settings are not supported by commands in the netsh nps context. Using netsh nps commands will remove the reference to the template and change the configuration element specified in the command.
NPS template settings can also be easily migrated and synchronized across multiple NPS servers.
The following types of configuration elements use templates:
· RADIUS shared secret
· RADIUS clients
· Remote RADIUS servers
· IP filters
· Health policies
· Remediation server groups
You can configure templates for these configuration elements from the Templates Management node of the Network Policy Server snap-in. The following figure shows an example.
For a larger version of this figure, click here.
Individual templates can be added, edited, duplicated, or deleted. After they are configured, they can be referenced and de-referenced in the appropriate dialog boxes in the Network Policy Server snap-in.
The following table lists the different types of templates and where they are used in the Network Policy Server snap-in.
|
Template |
Where it is used |
|
RADIUS shared secret |
When creating or configuring RADIUS clients, remote RADIUS server group members, RADIUS client templates, or remote RADIUS server templates |
|
RADIUS clients |
When creating or configuring RADIUS clients |
|
Remote RADIUS servers |
When creating or configuring remote RADIUS server group members |
|
IP filters |
When configuring IP Filters settings for a network policy |
|
Health policies |
When creating or configuring health policies |
|
Remediation server groups |
When creating or configuring remediation server groups |
NAP Product Team
-
Windows 7 and Windows Server 2008 R2 are now available as public betas. In Windows 7, the NAP client user interface (UI) has been integrated into the Windows Action Center (previously known as the Windows Security Center). For example, Network Access Protection notifications appear in the list of messages when you click the Action Center message in the notification area of the Windows 7 desktop.
The following figure shows an example of how a noncompliant NAP client running Windows 7 displays its status in the Windows Action Center.
For a larger version of this figure, click here.
When you click View Solution, Windows 7 displays the Network Access Protection status dialog box (also known as the Napstat UI).
NAP Product Team
-
Greg Lindsay (writer) and Allyson Adley (editor) won the Online Best of Show award for the NAP Design Guide at the Puget Sound Chapter of the Society for Technical Communication (STC) awards ceremony on January 29th.
Congratulations Greg and Allyson for the fantastic technical documentation on NAP!
NAP Product Team
-
Heads up NAP fans!
Today is our first in a series of online chats on Technet! Here is the description:
Microsoft’s Network Access Protection (NAP) with Network Policy Server (NPS) Open Forum
Join the NAP and NPS experts for a live chat session. Use this time to ask questions about the NAP platform or NPS and provide your feedback and thoughts on the product. This is your chance to speak directly with the experts. You can learn more at http://www.microsoft.com/nap.
January 29, 2009
1:00 - 2:00 P.M. Pacific Time
You can join the chat from http://technet.microsoft.com/en-us/cc719754.aspx.
Hope to see you there!
-
Greg Lindsay, our NAP product documentation writer, and I are not the only ones writing about NAP. NAP is also being described by Thomas Shinder and Brien M. Posey. Check out the following content by these industry experts.
Thomas Shinder’s articles on deploying NAP IPsec
Part 1: http://www.windowsecurity.com/articles/Deploying-IPsec-Server-Domain-Isolation-Windows-Server-2008-Group-Policy-Part1.html
Part 2: http://www.windowsecurity.com/articles/Deploying-IPsec-Server-Domain-Isolation-Windows-Server-2008-Group-Policy-Part2.html
Part 3: http://www.windowsecurity.com/articles/Deploying-IPsec-Server-Domain-Isolation-Windows-Server-2008-Group-Policy-Part3.html
Part 4: http://www.windowsecurity.com/articles/Deploying-IPsec-Server-Domain-Isolation-Windows-Server-2008-Group-Policy-Part4.html
Thomas Shinder’s articles on deploying NAP DHCP
Part 1: http://www.windowsecurity.com/articles/Using-Group-Policy-Filtering-Part1.html
Part 2: http://www.windowsecurity.com/articles/Using-Group-Policy-Filtering-Part2.html
Part 3: http://www.windowsecurity.com/articles/Using-Group-Policy-Filtering-Part3.html
Part 4: http://www.windowsecurity.com/articles/Using-Group-Policy-Filtering-Part4.html
Brien M. Posey’s article series on NAP
Part 1: http://www.windowsnetworking.com/articles_tutorials/Network-Access-Protection-Revisited-Part1.html
Part 2: http://www.windowsnetworking.com/articles_tutorials/Network-Access-Protection-Revisited-Part2.html
Part 3: http://www.windowsnetworking.com/articles_tutorials/Network-Access-Protection-Revisited-Part3.html
Part 4: http://www.windowsnetworking.com/articles_tutorials/Network-Access-Protection-Revisited-Part4.html
Part 5: http://www.windowsnetworking.com/articles_tutorials/Network-Access-Protection-Revisited-Part5.html
Part 6: http://www.windowsnetworking.com/articles_tutorials/Network-Access-Protection-Revisited-Part6.html
Part 7: http://www.windowsnetworking.com/articles_tutorials/Network-Access-Protection-Revisited-Part7.html
Joe Davies
Senior Program Manager
-
The Hewlett-Packard (HP) ProCurve Open Network Ecosystem (ONE) is a new partner alliance program for ProCurve, the networking division of HP. Microsoft is a key member in ProCurve ONE and an important element of the alliance is interoperability with NAP.
Here is a quote from the NAP team's very own General Manager, Tim Sinclair:
"HP ProCurve ONE will help customers resolve interoperability concerns by delivering an open standards-based solution that is effective and efficient. The combination of the HP ProCurve ONE initiative and Microsoft Network Access Protection (NAP) will provide customers with enhanced security and policy-based access that helps reduce downtime and boosts return on investment."
For more information, see the Newsfactor.com article at http://www.newsfactor.com/news/HP-Launches-ProCurve-Alliance/story.xhtml?story_id=1230040K3ZM9.
-
Hey NAP fans!
Our first in a series of online chats on Technet has been rescheduled for Thursday, January 29 at 1:00 PM PST.
Here is the description:
Microsoft’s Network Access Protection (NAP) with Network Policy Server (NPS) Open Forum
Join the NAP and NPS experts for a live chat session. Use this time to ask questions about the NAP platform or NPS and provide your feedback and thoughts on the product. This is your chance to speak directly with the experts. You can learn more at http://www.microsoft.com/nap.
January 29, 2009
1:00 - 2:00 P.M. Pacific Time
You can join the chat from http://technet.microsoft.com/en-us/cc719754.aspx.
Put it on your schedule and we will see you there!
NAP Product Team
