Windows NPS query

Networking/Security Forums -> Networking

Author: andrew.vint PostPosted: Wed Aug 03, 2011 10:34 pm    Post subject: Windows NPS query
    ----
Hi All,

I have setup a lab with Windows Server 2008 R2 and i am currently testing the features of windows NPS.

Now i have started by perfomring the actions to create DHCP system Health checks on the workstations.

In essence they need to have a firewall and the anti-virus enabled to get a DHCP address and on the lan.

Now i followed the procedures and setyp the SHV's and everything seems to work fine apart from the fact my Windows 7 machines keep failing the SVH. I even changed it so it was Firewall only, which is definately on and the machines keeping getting issued with a probationary IP address.

The document i followed is
http://www.google.co.uk/url?sa=t&source=web&cd=2&ved=0CCwQFjAB&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F5%2FE%2F6%2F5E6D858D-B665-4718-91BF-0E876228B5C6%2FNAP_DHCP_StepByStep.doc&rct=j&q=NAP_DHCP_StepByStep&ei=fq85Ts_LKJOFhQeFi6WeAg&usg=AFQjCNFpJB0SIPg54VtV72OuE8jYXn-fHA

So in essence following microsofts instructions it doesnt work ... can anyone help shine a light on this, i have followed that document to the letter and the win7 machines all fail the SVH.

On another note how do you assign machines that boot into Windows Deployment Service (PXE) when you are authorising the DHCP.

Can you set an attribute somewhere that knows that it is PXE booting and as such go and use this scope ?

If anyone can help would be greatly appreciated.

Thanks

Andrew Vint

Author: andrew.vint PostPosted: Thu Aug 04, 2011 12:03 am    Post subject: Update:
    ----
OK quick update ... i have managed to get the DHCP NAP Capable process working properly now.

My issues were ...
1) Had not set the 'EAP Quarantine Enforcement Client' to enabled in the GPO
2) Had not set 'Override network policy authentication settings' in the authentication setting of the connection request policy.

Now my clients are connecting and getting listed as Full Access in DHCP, now i just need to get the non-compliant machines to use a seperate scope on my DHCP.

Any ideas ?



Networking/Security Forums -> Networking


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group