Network Policy Server (NPS) allows you to create and enforce organization-wide network access
policies for client health, connection request authentication, and connection request authorization.
http://technet.microsoft.com/en-us/library/cc733085(d=printer,v=WS.10).aspx 4/17/2011
Network Policy Server Page 2 of 3
To deploy NPS with secure IEEE 802.1X wired or wireless access, you must enroll a server
certificate to the server running NPS using Active Directory Certificate Services (AD CS) or a
non-Microsoft public certification authority (CA). To deploy EAP-TLS or PEAP-TLS, you must
also enroll computer or user certificates, which requires that you design and deploy a public
key infrastructure (PKI) using AD CS. In addition, you must purchase and deploy network
access servers (wireless access points or 802.1X authenticating switches) that are
compatible with the RADIUS protocol and EAP.
To deploy NPS with TS Gateway, you must deploy TS Gateway on the local or a remote
computer that is running the Windows Server® 2008 operating system.
To deploy NPS with Routing and Remote Access configured as a VPN server, a member of a
VPN site-to-site configuration, or a dial-up server, you must deploy Routing and Remote
Access on the local or a remote computer that is running Windows Server 2008.
To deploy NPS with NAP, you must deploy additional NAP components as described in NPS
product Help and other NAP documentation.
To deploy NPS with SQL Server logging, you must deploy Microsoft SQL Server 2000 or
Microsoft SQL Server 2005 on the local or a remote computer.
Network Access Protection (NAP). A client health policy creation, enforcement, and
remediation technology that is included in the Windows Vista® operating system and
Windows Server 2008. With NAP, you can establish health policies that define such things as
software requirements, security update requirements, and required configuration settings for
computers that connect to your network.
Network shell (Netsh) commands for NPS. A comprehensive command set that allows
you to manage all aspects of NPS using commands at the netsh prompt and in scripts and
batch files.
New Windows interface. Windows interface improvements, including policy creation
wizards for NAP, network policy, and connection request policy; and wizards designed
specifically for deployments of 802.1X wired and wireless and VPN and dial-up connections.
Support for Internet Protocol version 6 (IPv6). NPS can be deployed in IPv6-only
environments, IPv4-only environments, and in mixed environments where both IPv4 and
IPv6 are used.
Integration with Cisco Network Admission Control (NAC). With Host Credential
Authorization Protocol (HCAP) and NPS, you can integrate Network Access Protection (NAP)
with Cisco NAC. NPS provides the Extended State and Policy Expiration attributes in network
policy for Cisco integration.
Attributes to identify access clients. The operating system and access client conditions
allow you to create network access policies that apply to clients you specify and to clients
running operating system versions you specify.
Integration with Server Manager. NPS is integrated with Server Manager, which allows
you to manage multiple technologies from one Windows interface location.
Network policies that match the network connection method. You can create network
policies that are applied only if the network connection method, such as VPN, TS Gateway, or
DHCP, matches the policy. This allows NPS to process only the policies that match the type of
RADIUS client used for the connection.
Common Criteria support. NPS can be deployed in environments where support for
Common Criteria is required. For more information, see the Common Criteria portal at
http://go.microsoft.com/fwlink/?LinkId=95567 [1].
NPS extension library. NPS provides extensibility that enables non-Microsoft organizations
and companies to implement custom RADIUS solutions by authoring NPS extension dynamic-
link libraries (DLLs). NPS is now resilient to failures in non-Microsoft extension DLLs.
XML NPS configuration import and export. You can export NPS server configuration to an
XML file and import NPS server configurations using XML files with the netsh NPS commands.
EAPHost and EAP policy support. NPS supports EAPHost, which is also available in
Windows Vista. EAPHost is a Windows service that implements RFC 3748 and supports all
RFC-compliant EAP methods, including expanded EAP types. EAPHost also supports multiple
implementations of the same EAP method. NPS administrators can configure network policy
and connection request policy based on EAPHost EAP methods.
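For the "XML NPS configuration import and export" item above, the following batch script is an added example, not part of the original Microsoft page. It exports the configuration with netsh and restricts the backup directory to Administrators and SYSTEM first, because an export made with exportPSK=YES contains the RADIUS shared secrets unencrypted. The directory and file names are assumptions.

```batch
@echo off
rem Added example: export the NPS configuration to XML and protect the file.
rem C:\NPSBackup and nps-config.xml are assumed names, not from the original page.
setlocal
set "BACKUP_DIR=C:\NPSBackup"
set "BACKUP_FILE=%BACKUP_DIR%\nps-config.xml"

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"

rem Lock the directory down before exporting, so the file is never readable
rem by other users. S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = SYSTEM.
icacls "%BACKUP_DIR%" /inheritance:r /grant:r "*S-1-5-32-544:(OI)(CI)F" "*S-1-5-18:(OI)(CI)F"
if errorlevel 1 (
    echo Could not restrict access to %BACKUP_DIR%
    exit /b 1
)

rem Remove any stale export so the existence check below reflects this run.
if exist "%BACKUP_FILE%" del "%BACKUP_FILE%"

rem exportPSK=YES writes the RADIUS shared secrets into the XML file unencrypted.
netsh nps export filename="%BACKUP_FILE%" exportPSK=YES
if not exist "%BACKUP_FILE%" (
    echo NPS export failed: %BACKUP_FILE% was not created
    exit /b 1
)

echo NPS configuration exported to %BACKUP_FILE%

rem On the destination NPS server, after copying the file over a protected channel:
rem   netsh nps import filename="C:\NPSBackup\nps-config.xml"
endlocal
```

Run it from an elevated command prompt on the NPS server, and delete the XML file from the destination server once the import has completed.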
Additional references
For information about other Network Policy and Access Services features, see the Network Policy
and Access Services Role topic [2].
Links Table
[1] http://go.microsoft.com/fwlink/?LinkId=95567
[2] http://technet.microsoft.com/en-us/library/cc732217(v=WS.10).aspx