Information Technology Reference
In-Depth Information
Set the Network Access Protection Agent Windows Service startup type to Automatic.
2.
Use the NAP Client Configuration console (Napclcfg.msc) on the client computer to
enable the following enforcement clients:
■
DHCP Quarantine Enforcement Agent
■
EAP Quarantine Enforcement Agent
3.
4.
Configure Group Policy to enable the Security Center.
Edit the Default Domain Policy.
5.
6.
Navigate to Computer Configuration/Administrative Templates/Windows
Components/Security Center.
7.
Double-click Turn On Security Center (Domain PCs Only).
8.
Select Enabled. Click OK and exit the Group Policy Management Editor and the GPMC.
Thought experiment
Performing health checks
In this thought experiment, apply what you've learned about this objective. You can
find answers to these questions in the “Answers” section at the end of this chapter.
You are the network administrator for TreyResearch.net. As a result of a recent virus
attack on the network that originated with an unprotected remote user, you have
been asked to immediately implement network access policies to ensure that com-
puters that connect remotely are fully updated and protected.
1.
What changes do you need to make to your existing NPS RADIUS infrastructure
to support the change?
2.
What changes do you need to make on remote client computers? How can you
implement them?
3.
What transitional steps should you take before locking out noncompliant users?
■
NAP uses SHVs to verify that network clients meet specific health requirements.
■
NAP health policies work with connection request policies and network policies to
determine which clients are allowed to connect to the network.
■
NAP enforcement can be set to monitor, limited enforcement, or full enforcement.
■
NAP enforcement can use remediation server groups to remediate noncompliant
clients.
■
NAP clients need configuration to work with NAP enforcement.
