question

GloriaGu-MSFT avatar image
0 Votes"
GloriaGu-MSFT asked CandyLuo-MSFT answered

Begining with NAP

Hi,

I administer a Windows 2016 domain with three brach offices and a CPD in another location. All users are in the branch offices.

We have 3 sites. Site 1 is for Branch 1, Site 2 for Branch 2 and Site 3 for central CPD and Branch 3.

All users and computers belong to domain, and we have an EPO McAfee server for antivirus and WSUS for Windows Updates.

We receive external workers all the time in every branch office. They have domain users for accesing servers and resources in domain, but their computers don't belong to the domain.

We want to implement a NAP solution, so that when a computer plugs into the network and a user tries to access the domain in some way (RDP connection, SMB connection or whatever way it establishes connection to domain), we can check if it is a secure computer (i.e., updated antivirus and windows). If not, take it to a network place where it can solve the uncompliances, and when it fullfil the requests, then be granted access.

I know the concept, but I don't know how to put on work. I don't want radius server for remote access and things like that. I just need to know how many servers I need, with which roles each, where they need to be placed, and how exactly give computers access to the remediate servers, and how all this mixes with current infrastructure.

I have found theoretical documentation in Microsoft site, but no hands on and practical information about this.

Hope you can help me with this.

Thread source link: https://social.technet.microsoft.com/Forums/zh-CN/f1e7e9c5-9afe-4693-a2e1-7da0c2296003/begining-with-nap?forum=winserverNAP

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

CandyLuo-MSFT avatar image
0 Votes"
CandyLuo-MSFT answered

Hi ,

Welcome to our new Microsoft Q&A Platform.

In fact, NAP was deprecated in Windows Server 2012 R2 and NAP is not supported in windows 10,also are not available in Windows Server 2016.

12347-3.png

Based on my research, the approach that comes most close is Mobile Device Management (MDM) and apply AV polices and Windows Update policies using System Center Configuration Manager.

Here is a similar thread discussed before, please see:

https://social.technet.microsoft.com/Forums/office/en-US/c63d15e2-9f07-48c8-9b39-6e087a44f935/nap-in-windows-server-2016?forum=winserverNAP

I also found an earlier article discussing how to build NAP, you could take a look:

https://www.microsoftpressstore.com/articles/article.aspx?p=2224362&seqNum=2

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,

Candy





3.png (73.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.