Yesterday was the first Windows 2008 event in Canada. The first event was in Toronto and had almost 3000 attendees. Twenty MVPs participated in Ask-The-Expert and I was one of them :). One of the commonly asked questions was question about “What NAP is and how it works?“
So, I’d like to show what posted on TheLazyAdmin.com about NAP:
With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new. One thing you might be playing around with is Network Access Protection. There is a great document on getting a DHCP based NAP lab set up but one thing the document is missing is how to configure the NAP client in XP SP3. In Windows Vista you simply start the service then enable the client through the NAP Client Configuration MMC (napclcfg.msc) but XP SP3 does not include the MMC. So how does one configure the NAP Client without a Nap Client configuration tool? Netsh, that is how!
To enable the NAP Client on XP SP3 you need to do the following:
- Start –> Run –> Services.msc
- Change the Network Access Protection Agent service to start automatically
- Start the Network Access Protection Agent service
- Start –> Run –> CMD.exe
- Type netsh nap client set enforcement ID = ##### Admin = “Enable”
- Start –> Run –> GPEdit.msc
- Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center
- Enable the Security Center
- Start –> Run –> Services.msc
- Start the Security Center service
You will need to replace the ##### with the ID based on whichever enforcement method you are using. You can use the following IDs for the various enforcement methods:
- DHCP = 79617
- RAS = 79618
- IPSec = 79619
- TS Gateway = 79621
- EAP = 79623
For more labs and information see:
Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab
Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab
Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab