Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to deploy NAP For DHCP limit illegal client". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to deploy NAP For DHCP limit illegal client".

We often find that some computers that do not meet the company's security policy connect to the corporate network and access the corporate network by obtaining TCP/IP configuration from the company's DHCP server, which brings great risk. In fact, we can use the network access protection (NAP) technology of Windows Server 2008 to control the configuration of these clients from the DHCP server, so as to control their access to the corporate intranet. Below the author deployment environment on the "NAP for DHCP" deployment and testing of a demonstration, I hope to help you.

Environment description:

DHCP server, NAP server of Ctocio:Windows Server 2008

Client of Test:Windows Vista

1. NAP server-side configuration

(1)。 Configure Health Policy Server

Log in to Ctocio as administrator administrator, click start → Administrative tools, and open the Network Policy Server window. Expand "NPS" → "Network access Protection" → "system Health Validator", double-click "Windows Security Health Validator" in the content panel, in the "Windows Security Health Validator Properties" dialog box, click "configuration" check only "Firewall enabled for all network connections", cancel all other choices (note that there is no need to cancel the selection of "Windows Update") Click OK to close the Windows Safety and Health Validator Properties dialog box. (figure 1)

Figure 1 Windows Safety and Health Verification Program

 should note that the Windows Security and Health Verification Program, a SHV provided by Microsoft, is mainly used to monitor the status of the client computer security center. Of course, if you also want to monitor the security configuration of products from third-party manufacturers, you also need to install SHV developed by other manufacturers.

(2)。 Configure the update server group

In the right pane of the "Network Policy Server" window, under "Network access Protection", right-click "Update Server Group", click "New" pop-up dialog box, enter "Windows Settings Update Server Group 1" in "Group name", then click "add", enter 192.168.1.1 under "IP address or DNS name", and then click "OK" twice. To be clear, the servers included in this group should actually be placed on servers used to patch clients in a restricted network, such as WSUS servers, virus database upgrade servers, and so on. (figure 2)

Figure 2 create a new WSUS server

Thank you for your reading, the above is the content of "how to deploy NAP For DHCP to limit illegal clients". After the study of this article, I believe you have a deeper understanding of how to deploy NAP For DHCP to limit illegal clients, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.