Published June 14, 2023, 1:20 p.m. by Courtney
In this session we are going to be looking at setting up Network Access Protection, but we're using the virtual private network connection method. If you remember, in our last session we configured Network Access Protection using the DHCP enforcement method. We're going to be using the VPN method in our session.

So the first thing that we want to do is to select the network connection method. From the drop-down box we have selected VPN, and any policies that are created will work with this network connection type only. So when you set up a VPN connection, then for people accessing the network using VPN, these policies that we create will only work with those clients. If you set up a DHCP connection, then the clients are connected to that connection and you have specific policies that will work with those connections. We have the policy name: you can either leave the default name as is, here NAP VPN, or you can type your own name. You can customize the name of the policy.

We move on to the next page. On our next screen we need a RADIUS client, which is the access server, so we need to choose one. If there is a RADIUS client already here, if you've already configured RADIUS clients, then you can simply add it. If you haven't, then at this point you'll be able to create one. We already have a RADIUS client, and we're going to be using RADIUS client one, so all we need to do is to move to the next screen.

Just as in DHCP, for some policies we will need machine groups, so if you have groups created where you have placed machines in those groups, you can add the group. If you haven't, and you want the policy to go to everyone, to all users, then we can go ahead and say Next. At this point we're going to go ahead, and we're going to say Next.
For the VPN, if you remember, if you're using a VPN connection you need to configure an authentication method, and for VPN we use PEAP. You know that if you're going to use PEAP, you're going to need a certificate. This wizard will not let you move any further unless you have a certificate configured. So what you would do is to click on Choose at this point and select your certificate. You can see we have our certificate selected here, and by default you have the PEAP secure password. You can also choose smart card if you wish, so you can use both of them. But please remember, if you are configuring a VPN connection for use with your Network Access Protection, et cetera, you will need to have the NPS server certificate.

We go to the next screen, and for this section, for this screen, we have to select our remediation group, just like we did when we were setting up the DHCP. So we have a group called Remediation Group One. When the client tries to connect and the client is not compliant, we can have what we call a web page, and that web page will give the client directions on how to bring the device online, how to make that device compliant with your Network Access Protection health policy. So you have to have a web page. If you do have one, then you will need to type the URL right here in the URL box so that the clients will have access to that web page to find out what to do if their system is not compliant.

We want to move on to the next screen, and we come to the Windows Security Health Validator. We have a health validator by default. Our validator contains all the updates and antivirus programs that you will need for your policy. You can create one on your own, or you can use the default and you can modify that default. We're going to be looking at the security health validator a little later.

Also, you can see here that auto-remediation of client computers is enabled by default, so if you don't change anything in this policy, all the client computers that are not compliant are going to be forced to go into remediation. A remediation group could be a group of servers, and these are going to be servers like, for example, WSUS servers, where the servers will force the updates on the client computers. When the client computer is updated, then the computer will get what's called a statement of health. It will present that to the server, and the client will be allowed access to the network, but only then.

In our third section here on this screen, we have to deal with computers that are not able to run NAP; they are NAP-ineligible. That might be a down-level client computer, or it might be a computer that's not a Windows operating system computer. You have to decide what you're going to do with those, because you will have computers like that on your network. You have to decide here if you're going to deny them full access, only allowing them access to a restricted network, and a restricted network will be a network that contains your remediation servers, your WSUS servers. So you can choose that one, or you can just allow full access to this computer. So you can give them limited access or you give them full access.

Then you want to continue to the next screen, and you check what you have configured and make sure it is everything that you want. If it's not, then you go back and you make your corrections. So this is the completion of the NAP policy, and we did it with the VPN connection.

We want to take a look next at that system health validator that we talked about. To take a look at the system health validator we need to access NPS, so you want to click on Tools, Network Policy Server, and in the Network Policy Server console we want to expand Network Access Protection, and we can see here System Health Validators. I want to expand System Health Validators, and we want to click on Windows Security Health Validator. Now we have two sections here: we have the Settings section, then we have Error Codes.
Let's take a look at Settings, and let's note here what the system health validator settings will define. Whatever settings that you put in this system health validator, or that you accept, will define the requirements for client computers that are connecting to your network. If you want, you can edit the default configuration or you can create additional configurations for use with the health policy.

So let's go into Settings, and we're now going into the default system health validator settings. So let's double-click on Default Configuration, and we see here that from these settings you can choose the policy settings for your Windows Security Health Validator. You have settings here that are default; they're already here. If you don't want these things, then you can uncheck the box.

So let's look at that. The first one is the firewall setting, so the client computer has to have the firewall enabled. That's one thing that they need to have. If you have the schedule, then you have antivirus settings, where the client computer must have an antivirus application on, and the antivirus must be up to date.

You have your spyware protection settings, where the client computer should have the antispyware application on, and it also has to be up to date.
What about automatic update settings? Let's see, that also has to be enabled. Then you have your security update settings. You can choose those; let's turn that on. This is going to restrict access for clients that do not have all available security updates installed, and here you can specify the minimum severity level required. So you have here Important and above, Low and above, Moderate and above, Critical only. You can choose the one that you want to specify. You can also specify the minimum number of hours allowed since the client has checked for new security updates, and where the updates will come from. If you leave it as it is, updates will be coming from those update services, but you may in your environment have a Windows Server Update Services server, so you can decide where the updates will come from. These are the settings for your system health validator. You can either leave them as they are or you can modify them.

We want to close the settings and look at the error codes. Let's go back to the Windows Security Health Validator and take a look at Error Codes. Now, the system health validator error codes will define whether the client computers are considered compliant or non-compliant when the system health validator, or the system health agent that we had talked about in the previous session, returns an error. Let's take a look at the error codes.

All right, let's look at the first one: the system health validator is unable to contact required services. Now, this error can occur if Network Policy Server loses connectivity to a health requirement server such as an antivirus signature server.

Then we have a second error code here, where the agent is unable to contact required services, and this can occur if the SHA, the system health agent, is unable to successfully read the client configuration. Remember, we said that the SHA is a component that will actually scrutinize the client computer to see if the client computer has all the requirements that are stated in the policy.

We have another error code here where the agent is not responding to the client, and this error can occur if the system health agent is not properly initiated and registered.

Then we have the system health validator not responding, and this error can occur if the performance of a system health validator is degraded. For example, let's say your NPS is out of memory; you might have an error like that.

Then you have another error, the vendor-specific error code received, and this particular error can occur if NPS receives an error that is unique to the system health agent or system health validator vendor itself. Some vendors will return this code when NPS is unable to contact the health requirement server.

So those are our error codes, and we looked at the system health validator settings. Let's just go back to it. We saw that we have default settings and that we can modify the system health validator to suit our purposes. So you get to decide what is in this system health validator, the policies that would apply, and the client that is trying to access the network has to comply with the settings that you have here. If they don't, they're not going to be allowed on the network. They might be given restricted access to the remediation server, and the remediation server will then actually place the updates on the client computer and give the server a statement of health saying that yes, they are now compliant, and it's only then that the client will be connected to the network to access resources.

In this session we looked at NAP with a VPN connection. We also took a look at the system health validator. This is the end of our session, and I want to thank you for listening.