Delen via


Network Policies

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista

Network policies use conditions, settings, and constraints to authorize a level of access for clients attempting to connect to a network. For NAP, you must configure at least one network policy that will be applied to computers that are compliant with the health requirements and at least one network policy that will be applied to computers that are noncompliant. You can also configure a network policy that will be applied to computers that are non-NAP-capable. You might configure additional network polices to specify unique health requirements for different computers or segments of the network.

Network policy design considerations

If you have deployed multiple SHVs, you can configure network policies to match clients that are compliant with some, but not all, health requirements. Network policies also contain NAP enforcement settings and can provide NAP clients with remediation server groups and a troubleshooting URL. The type of health requirements and troubleshooting URL that are configured in network policy also affect the NAP notification received by NAP client computers. By customizing network policies to the exact type of noncompliance that is evaluated, you can provide a unique troubleshooting URL to client computers. When evaluating several health conditions, you must ensure that more specific policies are evaluated before more general policies. The following table provides an example of network policies that you can configure for a NAP deployment with three SHVs (A, B, C) where all three SHVs are required for compliance. For a description of the health policies that are used as policy conditions, see Health Policies.

Policy name Policy condition Troubleshooting URL Processing order

ABC Compliant

Pass A, B, C

N/A

1

ABC Noncompliant

Fail A, B, C

https://NAP/abc.html

2

AB Noncompliant

Fail A, B

https://NAP/ab.html

3

AC Noncompliant

Fail A, C

https://NAP/ac.html

4

BC Noncompliant

Fail B, C

https://NAP/bc.html

5

A Noncompliant

Fail A

https://NAP/a.html

6

B Noncompliant

Fail B

https://NAP/b.html

7

C Noncompliant

Fail C

https://NAP/c.html

8

Non-NAP-capable

Non-NAP-capable

N/A

9

To specify different health requirements for different segments of the network, add additional policy conditions to match client requests from these segments and configure health policies to specify health requirements.