28 February 2008

What NAP is and how it works?

Yesterday was the first Windows 2008 event in Canada. The first event was in Toronto and had almost 3000 attendees. Twenty MVPs participated in Ask-The-Expert and I was one of them :). One of the commonly asked questions was “What NAP is and how it works?”

So, I’d like to show what was posted on TheLazyAdmin.com about NAP:
With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new. One thing you might be playing around with is Network Access Protection. There is a great document on getting a DHCP-based NAP lab set up, but one thing the document is missing is how to configure the NAP client in XP SP3. In Windows Vista you simply start the service, then enable the client through the NAP Client Configuration MMC (napclcfg.msc), but XP SP3 does not include the MMC. So how does one configure the NAP Client without a NAP Client configuration tool? Netsh, that is how!

To enable the NAP Client on XP SP3 you need to do the following:

  1. Start –> Run –> Services.msc
  2. Change the Network Access Protection Agent service to start automatically
  3. Start the Network Access Protection Agent service
  4. Start –> Run –> CMD.exe
  5. Type netsh nap client set enforcement ID = ##### Admin = "Enable"
  6. Start –> Run –> GPEdit.msc
  7. Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center
  8. Enable the Security Center
  9. Start –> Run –> Services.msc
  10. Start the Security Center service

You will need to replace the ##### with the ID based on whichever enforcement method you are using. You can use the following IDs for the various enforcement methods:

  • DHCP = 79617
  • RAS = 79618
  • IPSec = 79619
  • TS Gateway = 79621
  • EAP = 79623

For more labs and information see:

Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab
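
The XP SP3 steps and enforcement IDs listed above, collected into one CMD script. This is an added example, not code from TheLazyAdmin.com or Microsoft; it assumes the NAP Agent and Security Center services use the names napagent and wscsvc, and the script name in the usage line is hypothetical.

```bat
@echo off
rem Added example: scripted form of the XP SP3 steps listed above.
rem Usage: enable-nap.cmd DHCP^|RAS^|IPSEC^|TSGW^|EAP  (script name is hypothetical)
setlocal

rem Map the enforcement method name to the ID given in the list above.
set "METHOD=%~1"
set "ID="
if /i "%METHOD%"=="DHCP"  set "ID=79617"
if /i "%METHOD%"=="RAS"   set "ID=79618"
if /i "%METHOD%"=="IPSEC" set "ID=79619"
if /i "%METHOD%"=="TSGW"  set "ID=79621"
if /i "%METHOD%"=="EAP"   set "ID=79623"
if not defined ID (
    echo Usage: %~nx0 DHCP^|RAS^|IPSEC^|TSGW^|EAP
    exit /b 1
)

rem Steps 2-3: set the NAP Agent service (assumed name: napagent) to
rem automatic start, then start it unless it is already running.
sc config napagent start= auto >nul || goto :fail
sc query napagent | find "RUNNING" >nul || net start napagent || goto :fail

rem Step 5: enable the chosen enforcement client. Straight quotes only;
rem curly quotes pasted from a web page are not accepted by netsh.
netsh nap client set enforcement ID = %ID% ADMIN = "ENABLE"

rem Steps 6-8 (enabling Security Center in GPEdit.msc) are still done by
rem hand before this point; the script does not touch policy.

rem Step 10: start the Security Center service (assumed name: wscsvc).
sc query wscsvc | find "RUNNING" >nul || net start wscsvc || goto :fail

rem Print the client state so the operator can confirm that the
rem enforcement client for %METHOD% is now listed as enabled.
netsh nap client show state
exit /b 0

:fail
echo Failed with errorlevel %errorlevel%. Run from an administrator account.
exit /b 1
```
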

03 February 2008

Microsoft doesn’t recommend creating Vista ‘Lite’

As many of you know, it’s possible to create a “Lite” version of the operating system by using the well-known program vLite. But recently Microsoft said in an e-mail to CNET News.com:

“Microsoft does not recommend using any tool to strip out applications from Windows Vista prior to installing it on your system, as it may affect your ability to download future Windows updates and service packs, and may cause your system to become unstable,”

So, think twice before creating Vista ‘Lite’ ;)