Beginning with NAP

Gloria Gu 3,891 Reputation points
2020-07-15T03:29:52.197+00:00

Hi,

I administer a Windows 2016 domain with three branch offices and a CPD in another location. All users are in the branch offices.

We have 3 sites. Site 1 is for Branch 1, Site 2 for Branch 2 and Site 3 for central CPD and Branch 3.

All users and computers belong to the domain, and we have an EPO McAfee server for antivirus and WSUS for Windows Updates.

We receive external workers all the time in every branch office. They have domain users for accessing servers and resources in the domain, but their computers don't belong to the domain.

We want to implement a NAP solution, so that when a computer plugs into the network and a user tries to access the domain in some way (RDP connection, SMB connection or whatever way it establishes a connection to the domain), we can check if it is a secure computer (i.e., updated antivirus and Windows). If not, take it to a network place where it can solve the non-compliances, and when it fulfills the requests, then be granted access.

I know the concept, but I don't know how to put it to work. I don't want a RADIUS server for remote access and things like that. I just need to know how many servers I need, with which roles each, where they need to be placed, and how exactly to give computers access to the remediation servers, and how all this mixes with the current infrastructure.

I have found theoretical documentation on the Microsoft site, but no hands-on and practical information about this.

Hope you can help me with this.

Thread source link: https://social.technet.microsoft.com/Forums/zh-CN/f1e7e9c5-9afe-4693-a2e1-7da0c2296003/begining-with-nap?forum=winserverNAP

Windows Server

Accepted answer
  1. Candy Luo 12,656 Reputation points Microsoft Vendor
    2020-07-15T05:30:45.587+00:00

    Hi,

    Welcome to our new Microsoft Q&A Platform.

    In fact, NAP was deprecated in Windows Server 2012 R2, is not supported in Windows 10, and is also not available in Windows Server 2016.

    Based on my research, the approach that comes closest is Mobile Device Management (MDM) and applying AV policies and Windows Update policies using System Center Configuration Manager.

    Here is a similar thread discussed before; please see:

    https://social.technet.microsoft.com/Forums/office/en-US/c63d15e2-9f07-48c8-9b39-6e087a44f935/nap-in-windows-server-2016?forum=winserverNAP

    I also found an earlier article discussing how to build NAP, you could take a look:

    https://www.microsoftpressstore.com/articles/article.aspx?p=2224362&seqNum=2

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Candy
