Checklist: Configure NAP Enforcement for TS Gateway
Applies To: Windows Server 2008
Configure NAP enforcement for Terminal Services Gateway
This checklist provides the steps required to deploy Terminal Services Gateway (TS Gateway) with Network Policy Server (NPS) and Network Access Protection (NAP).
Task | Reference |
---|---|
Install the Terminal Server role and configure TS Gateway. | Terminal Services Gateway documentation |
Determine whether to use PEAP-MS-CHAP v2 or PEAP-TLS as the authentication method. | RADIUS Server for 802.1X Wireless or Wired Connections; Certificate Requirements for PEAP and EAP; PEAP Overview; and your hardware documentation |
Autoenroll a server certificate to NPS servers or, if you are using PEAP-MS-CHAP v2, optionally purchase a server certificate rather than deploying your own CA. | Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication (https://go.microsoft.com/fwlink/?LinkId=33675) |
If you are using PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain member client computers. | Deploy Client Computer Certificates and Deploy User Certificates |
Configure computers running TS Gateway as RADIUS clients in NPS. | |
If you want to perform authorization by group, create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the TS Gateway server. | |
On NAP-capable client computers, enable the Network Access Protection service and change the startup type to automatic. | |
On NAP-capable client computers, enable the EAP enforcement client and the TS Gateway enforcement client. | |
If you are using the Windows Security Health Validator (WSHV) in your NAP deployment, enable Security Center on NAP-capable clients using Group Policy. | |
In NPS, configure the WSHV or install and configure other system health agents (SHAs) and system health validators (SHVs). | System Health Validators and Windows Security Health Validator |
In NPS, configure health policies, connection request policies, and network policies that enforce NAP for TS Gateway access. | Create a Health Policy and Create NAP Policies with a Wizard |
In NPS, if you are deploying remediation servers so that clients can automatically update their configuration in compliance with health policy, configure Remediation Server Groups. | |