Checklist: Configure NPS for Dial-Up and VPN Access

Applies To: Windows Server 2008

Checklist: Configuring NPS for dial-up and VPN access

This checklist provides the steps required to deploy dial-up and VPN servers with Network Policy Server (NPS).

Task Reference

Install and configure dial-up and VPN servers.

RADIUS Server for Dial-Up or VPN Connections and your hardware documentation

Determine the authentication method that you want to use.

RADIUS Server for Dial-Up or VPN Connections; Certificate Requirements for PEAP and EAP; and your hardware documentation

Autoenroll a server certificate to NPS servers or, if you are using PEAP-MS-CHAP v2 only, purchase a server certificate.

Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication (

If you are using EAP-TLS or PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain member client computers.

Deploy Client Computer Certificates and Deploy User Certificates

Configure dial-up and VPN servers as RADIUS clients in NPS.

Add a New RADIUS Client and RADIUS Clients

Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the switches.

Create a Group for a Network Policy

In NPS, configure one or more network policies for dial-up and VPN servers.

Add a Network Policy; Create Policies for Dial-Up or VPN with a Wizard; Network Policies