Hi,
I administer a Windows 2016 domain with three branch offices and a CPD in another location. All users are in the branch offices.
We have 3 sites. Site 1 is for Branch 1, Site 2 for Branch 2 and Site 3 for central CPD and Branch 3.
All users and computers belong to the domain, and we have an EPO McAfee server for antivirus and WSUS for Windows Updates.
We receive external workers all the time in every branch office. They have domain users for accessing servers and resources in the domain, but their computers don't belong to the domain.
We want to implement a NAP solution, so that when a computer plugs into the network and a user tries to access the domain in some way (RDP connection, SMB connection or whatever way it establishes a connection to the domain), we can check if it is a secure computer (i.e., updated antivirus and Windows). If not, take it to a network place where it can solve the non-compliances, and when it fulfills the requests, then be granted access.
I know the concept, but I don't know how to put it to work. I don't want a RADIUS server for remote access and things like that. I just need to know how many servers I need, with which roles each, where they need to be placed, and how exactly to give computers access to the remediation servers, and how all this mixes with the current infrastructure.
I have found theoretical documentation on the Microsoft site, but no hands-on and practical information about this.
Hope you can help me with this.
Thread source link: https://social.technet.microsoft.com/Forums/zh-CN/f1e7e9c5-9afe-4693-a2e1-7da0c2296003/begining-with-nap?forum=winserverNAP