Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Introduction to Network Access Protection (Part 7)
Introduction to Network Access Protection (Part 1)
Introduction to Network Access Protection (Part 2)
Introduction to Network Access Protection (Part 3)
Introduction to Network Access Protection (Part 4)
Introduction to Network Access Protection (Part 5)
Introduction to Network Access Protection (Part 6)
In Part 6, I showed you how to set up a VPN connection on a Windows Vista client. This part 7 will continue the discussion of how to complete the client configuration process.
Start the configuration process by opening the Control Panel , clicking the Network and Internet link , then the Network and Sharing Center . When the Network and Sharing Center window is open, click the Manage Network Connections link . Then a window displays all the network connections that will be displayed and the VPN connection you created earlier.
Right-click the VPN connection and then select Properties from the shortcut menu. Windows will display the connection properties window, go to the Security tab and select Advanced (Custom Settings) as shown in Figure A.
Figure A: You must configure the connection to the Advanced (Custom Settings) security option.
Now click the Settings button to bring up the Advanced Security Settings dialog box. Once you have established a VPN connection using the Extensible Authentication Protocol, you must choose Use Extensible Authentication Protocol (EAP) . After making that selection, a list will be activated under this button. Select the Protected EAP (PEAP) (Encryption Enabled) option as shown in Figure B.
Figure B: You must select the Protection EAP security option (PEAP)
(Encryption Enabled) for VPN.
Now, click your mouse on the Properties button to bring up the Protected EAP Properties dialog box. When this dialog box appears, check the Validate Server Certificate checkbox and uncheck the Connect to these Servers checkbox. You must select the Secured Password option (EAP-MSCHAP V2) in the Select Authentication Method list . Finally uncheck the Enable Fast Reconnect checkbox and check the Enable Quarantine Checks checkbox as shown in Figure C.
Figure C: The Protected EAP Properties window allows setting parameters
Authentication based on Extensible Authentication Protocol
At this point, you just need to click OK every time a dialog box appears to close them. Now you must configure the VPN connection to meet the requirements. In order for Network Access Protection to work, the Network Access Protection service needs to be set up to start automatically. By default, Windows Vista sets up this service to start manually, so you have to change them automatically.
To do that, you must go to Control Panel, select System and Maintenance , then Administrative Tools . Windows will then display a list of different administrative tools. Double-click the Services icon to open the Service Control Manager.
Drag the slider in the list of services until you see the Network Access Protection Agent section . Double-click this service and then set to Automatic and OK . Please note that setting the service's startup type is automatic (Automatic) does not start the service immediately, it only ensures that the service will automatically run when we restart the machine next time. However, you can start the service without restarting the computer by right-clicking on the service and selecting Start . If you have any problems starting the service, check to make sure that both Remote Procedure Call (RPC) and DCOM Server Process Launcher services are working. Network Access Protection Agent service may not work when there are attached services under it.
Check Network Access Protection
Believe it or not, we have finally finished configuring Network Access Protection. Now perform simple tests to make sure everything is working as intended.
We can reconfigure the network policy server so that invalid computers are automatically quarantined and can also configure the network policy server only for standards that check if Windows firewall is available. enabled or not. In that case, you should disable the firewall on the client, then connect to the network policy server using the VPN connection you created. By doing so, the client's firewall is automatically activated.
Let's start disabling the firewall on the client. To do that, you need to open Control Panel and click Security > Windows Firewall to open the Windows Firewall dialog box. Assuming that the Windows firewall is running, click the Turn Windows Firewall On or Off link . You should now see a dialog box that allows you to enable or disable the firewall as shown in Figure D. The firewall is now disabled.
Figure D: Select Off (Not Recommended) to disable the firewall
Now turn off the Windows firewall, and this is also the time to set up a RRAS / NAP server VPN connection. To do that, open Control Panel and click Network and Internet , then Network and Sharing Center . When the Network and Sharing Center window is open, click Manage Network Connections . You will then see a list of existing LAN connections and VPN connections.
Double-click the VPN connection you created, then click Connect . You will now have to enter your username, password and domain name. Click OK after you have entered these information, and then a connection will be established for your VPN / NAP server.
As soon as the connection is established, you will see a message appear at the bottom of the message display:
This Computer Does Not Meet Corporate Network Requirements. Network Access is Limited.
( This computer has no network requirements. Network access is limited .)
You can see this message as shown in Figure E.
Figure E: When the firewall is disabled, you will get one
Notice by establishing a VPN connection.
If the Windows Firewall icon indicates that the firewall is enabled. When this happens, you will see another window appear showing the message:
This Computer Meets Corporate Network Requirements. You Have Full Network Access.
( This computer has all the network requirements. You have full access .)
You can see this message in Figure F.
Figure F: When the NAP server activates the firewall, this message is displayed
The message shown in Figure F is also displayed when the computer has the necessary requirements to connect to the NAP server through a VPN connection.
Conclude
In this article, I have shown you how to configure the NAP server to ensure that VPN clients have the necessary network security requirements. Please note that the time we wrote this article is that Longhorn Server is still in beta. Thus, some steps involved in the process may change when the official version of Longhorn Server is released. However, there will be no major changes and keep in mind that NAP will only test clients running Windows Vista.
Marvin FryYou should read it
- How to set up a firewall in Linux
- How to block Internet connection software, Windows 10 applications
- Controlling Internet access - Part 4: TMG Network and Network Rule
- How to fix the error that cannot access another machine in Windows 10 LAN
- Speed up network and Internet access
- Instructions to enable / disable Windows Firewall with Command Prompt
- Learn about the ISA Firewall Client (Part 1)
- 7 basic questions about firewalls everyone needs to know
May be interested
- 5 tips to keep your social network account in a 'safe' state
do you think your social network accounts are always in a safe state? maybe you have to think again. with the weak passwords you create and use, hackers can easily unlock and access your account at any time. - Configure Windows XP SP2 network protection technologies on a computer (Part II)in the previous section, we showed you how to set up security from the starting point: security center, this tutorial will show you how to prevent unauthorized access through internet explorer web browser.
- Intrusion Detection System (IDS) (Part 2)in the previous section we have solved ids architectural and classification issues. in this second part, we will show you more in-depth tutorials on ids including an overview of classifications and an introduction to the reader some basic concepts about ids: audit analysis and handle 'online' as well as discovery
- CDMA network technologies: A decade of development and challenges - Part 1the article briefly describes the origins of cdma technology and the introduction of 3g versions such as cdma2000 1x and cdma2000 1x ev-do. an overview of the network structure is presented with detailed explanations of the role of each component and interface in the network and protocol testing to change according to the needs of the network. the article will conclude with a discussion of some technical issues that may appear in cdma networks and some proposed solutions.
- CDMA network technologies: A decade of development and challenges - Part 2the article briefly describes the origins of cdma technology and the introduction of 3g versions such as cdma2000 1x and cdma2000 1x ev-do. an overview of the network structure is presented with detailed explanations of the role of each component and interface in the network and protocol testing to change according to the needs of the network. the article will conclude with a discussion of some technical issues that may appear in cdma networks and some proposed solutions.
- Access Exchange 2007 from Apple Macintosh (Part 2)in the last part of this two-part article, i will show you how to configure entourage 2004 for exchange access and then discuss some of the pros and cons of each solution. we will access each client based on the criteria below.
- How to fix the error IPv6 No Network Accessthe ipv6 no network access error can occur on any mac, pc or mobile device, making it annoying when trying to connect to the network. in this guide, make tech easier with the instructions to get ipv6 connectivity working again.
- Virtual mobile network - approach to research on 3G in Vietnam conditionssimilar to the convergence of fixed networks in the direction of ngn, mobile technologies are also in the process of converging to meet mobile customer requirements for bandwidth and service quality with the introduction of network. 2.5g, 3g generation mobile ...
- Deploying Network Access Quarantine Control, Part 2i stepped qua cách làm việc truy cập của quarantine mạng (naqc) works and đã cung cấp chi tiết điều khiển instructions. in the second and final installment, i'll continue the procedure by finishing the deployment, then discuss how isa server 2004's entrance to the marketplace changes the field of naqc and how to quarantining is implemented within the isa server itself.
- PKI Tutorial - Part 2: Designin the first part of this pki tutorial series, we have an overview of how to prepare and plan your pki. in this second part, we will continue the introduction with a little more technique. ch & uac
LAN - WAN
- Troubleshooting TCP / IP: Structure method - Part 2: Troubleshooting routing tables
- Troubleshooting TCP / IP: Structure method - Part 3: Fix network connections
- Troubleshooting TCP / IP: Structural Methods - Part 4: Use Netdiag.exe
- Managing Windows networks using scripts - Part 7: Troubleshooting errors
- Host-Based IDS and Network-Based IDS (Part 2)
- Managing Windows Networks using Script - Part 8: Handling remote scripting errors using Network Monitor 3.0
Troubleshooting TCP / IP: Structure method - Part 2: Troubleshooting routing tables
Troubleshooting TCP / IP: Structure method - Part 3: Fix network connections
Troubleshooting TCP / IP: Structural Methods - Part 4: Use Netdiag.exe
Managing Windows networks using scripts - Part 7: Troubleshooting errors
Host-Based IDS and Network-Based IDS (Part 2)
Managing Windows Networks using Script - Part 8: Handling remote scripting errors using Network Monitor 3.0