Edit

Internet Authentication Service & Network Policy Server

  • Article

Internet Authentication Service (IAS) was renamed Network Policy Server (NPS).

Internet Authentication Service

Internet Authentication Service is the Microsoft implementation of a RADIUS server and proxy.

Internet Authentication Service supports two API sets: Network Policy Server Extensions API and Server Data Objects API.

See TechNet: Internet Authentication Service for more information on IAS.

Network Policy Server

Network Policy Server is the Microsoft implementation of a RADIUS server and proxy and it is available on Windows servers starting with Windows Server 2008.

NPS supports the same two API sets as IAS: Network Policy Server Extensions API and Server Data Objects API.

In addition, NPS contains a set of new features that expand the IAS capabilities.

Feature What's new for NPS
Network Access Protection (NAP)
 NPS is the central server of Network Access Protection.
NPS supports policy authoring using the following additional conditions:
  • Policy expiration.
  • Operating system version.
  • Access client IP address.
  • Health policies.
  • Allowed EAP types.
  • HCAP.
NPS supports policy authoring using the following additional settings:
  • Probation.
  • Limited access.
  • Extended state for limited access.
NPS, through NAP, interoperates with CISCO NAC.
IAS does not support NAP.
EAP Policy and EAPHost Support
 NPS uses EAPHost for EAP method extensibility. Additionally, administrators may configure network access policy for EAP.
IAS does not support EAPHost integration, or EAP type filter conditions for policies.
IPv6 Support
 NPS supports deployment in IPv6 environments.
IAS does not support IPv6 network addresses.
XML Configuration
 NPS configuration can be imported and exported in XML format.
IAS is using a Jet database for storing service configuration.
Common Criteria Support
 NPS has been updated to support its deployment in environments that must meet the Common Criteria security standards.
NPS Extensions API
 The NPS extension DLLs run in a separate process from the NPS service. Should an extension DLL crash, NPS will keep running and future requests will be rejected.
The IAS extension DLLs run in the same process as the IAS service and may adversely affect the service.
Management User Interface
 The NPS management console (nps.msc) has a new look, improved usability, and covers all the new functionality added to NPS.
IAS uses the ias.msc management console.
Role Management Tool and Server Manager Integration
 NPS is integrated with the Server Manager and the Role Management Tool. This integration facilitates the configuration and management of NPS and related scenarios.
Server Manager is not available on computers running IAS.
Updated Command Line Scripting with Netsh.
 NPS supports the "Netsh nps" command line interface. "Netsh nps" contains new commands that permit to fully configure NPS, including NAP features.
IAS supports the "Netsh aaaa" command line interface.
Policy Isolation
 NPS enables the implementation of policy isolation by setting the Network Policy Source. Policies can be configured that are applicable only to a predetermined NAS type.
IAS does not support policy isolation.

See TechNet: Network Policy Server for more information on NPS.

RADIUS Authentication, Authorization, and Accounting

Logging With Network Policy Server

Working with a State Server