Hello, how are you all doing?
I'm implementing a NAP 2008 R2 + DHCP solution, with the following distribution of servers and services:
- SRV01: ADDS + DHCP + CA
- SRV02: NPS
I have followed these links as a guide:
https://technet.microsoft.com/en-us/library/cc772356(v=ws.10).aspx
https://www.microsoft.com/en-us/download/details.aspx?id=2409
In short, I did the following:
- I created an OU in ADDS named Test.
- In this OU I put the 02 client computers for testing (CLIENT01 and CLIENT02 both with Windows 7 Pro).
- I configured the NPS
- I created a System Health Validator
- I created a health policy for compliant and noncompliant clients.
- I created a network policy for compliant and compliant clients.
- First question: As the DHCP server is separate, I had to install and configure the NPS role as a RADIUS proxy. Is this correct? When configuring the RADIUS client (proxy), the IP address of the DHCP server was entered in the IP address field. Is that correct, or should it be the IP address of the NPS server?
- I created and configured a GPO to configure client computers.
- I assigned the policy to the OU Test.
- I validated that the policy is applied to client computers.
- I configured the scope options for the default user class (compliant clients) and the default network access protection class (noncompliant clients). Second question: Is it correct to set 02 classes under the same scope, or must a separate VLAN be created for noncompliant computers?
- I configured the test DHCP scope (192.168.10.0) with NAP.
Then I started testing the client computers and the result was as follows:
- Client01 (compliant client): Gets an IP address / No notification that the client has met the requirements is displayed, although the GPO is set to display it.
- Client02 (noncompliant client): Gets an APIPA address / No notification that the client has not met the requirements is displayed, although the GPO is set to display it.
Third question: A noncompliant client is supposed to receive an IP address with mask 255.255.255.255, which does not have network access. Then why did it receive an APIPA address? Or do I need some additional configuration?
Fourth question: Can NAP DHCP and 802.1x enforcement be configured on the same server? Are there any rules that must be followed?
Thanks very much!
Best regards.