Network Policy and Access Services

Applies To: Windows Server 2008

The Network Policy and Access Services (NPAS) server role is a logical grouping of the following related network access technologies: Network Policy Server (NPS), Routing and Remote Access, Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP).

These technologies are the role services of the NPAS server role. When you install the NPAS server role, you can install one or more role services while running the Add Roles Wizard.


To deploy Network Access Protection (NAP), you must install the Network Policy Server role service. Depending on your requirements and the NAP enforcement methods you choose to deploy, you might also need to install the RRAS, HRA, or HCAP role services.

Network Policy Server

NPS is the Microsoft implementation of a Remote Authentication Dial-In User Service (RADIUS) server and proxy. You can use NPS to centrally manage network access through a variety of network access servers, including 802.1X authenticating switches and wireless access points, VPN servers, and dial-up servers. In addition, NPS is configurable as a Network Access Protection (NAP) policy server.

Routing and Remote Access

Using Routing and Remote Access, you can deploy Point-to-Point Tunneling Protocol (PPTP), Secure Socket Tunneling Protocol (SSTP), or Layer Two Tunneling Protocol (L2TP) with Internet Protocol security (IPsec) VPN connections to provide end users with remote access to your organization's network. You can also create a site-to-site VPN connection between two servers at different locations.

Health Registration Authority (HRA)

HRA is a Network Access Protection (NAP) component that issues health certificates to clients that pass the health policy verification that is performed by NPS using the client statement of health (SoH). HRA is used only with the NAP IPsec enforcement method.

Host Credential Authorization Protocol (HCAP)

HCAP allows you to integrate your Microsoft NAP solution with Cisco Network Access Control Server. When you deploy HCAP with NPS and NAP, NPS can perform client health evaluation and the authorization of Cisco 802.1X access clients.
