Network Policy Server (NPS) Technical Reference

Applies To: Windows Server 2008, Windows Server 2008 R2

In this guide

Network Policy Server (NPS) is a networking component of Windows Server® 2008 that allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use a server running NPS as a RADIUS proxy to forward connection requests to NPS or other Remote Authentication Dial-In User Service (RADIUS) servers that you configure in remote RADIUS server groups.

The Network Policy Server (NPS) Technical Reference provides a detailed description of NPS, including how NPS works, and the tools and settings you can use to deploy, administer, and troubleshoot NPS.

In Windows Server® 2008, Network Policy Server (NPS) is included in the Network Policy and Access Services (NPAS) server role.

The NPAS server role is a logical grouping in the Add Roles installation wizard of the following network access technologies:

  • Network Policy Server (NPS)

  • Routing and Remote Access service (RRAS)

  • Health Registration Authority (HRA)

  • Host Credentials Authorization Protocol (HCAP)

These technologies are the role services of the NPAS server role. When you install the NPAS server role, you can install one or more role services while running the Add Roles Wizard. The Add Roles Wizard is accessible in both Initial Configuration Tasks and Server Manager in the Windows Server 2008 graphical user interface.

Note

In Windows Server 2008, Network Policy Server (NPS) replaces the Internet Authentication Service (IAS) component of Windows Server 2003.

Windows Server 2008 Editions and NPS

NPS provides different functionality depending on the edition of Windows Server 2008 that you install.

Windows Server 2008 Enterprise and Datacenter Editions

With NPS in Windows Server 2008 Enterprise and Windows Server 2008 Datacenter, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.

Windows Server 2008 Standard Edition

With NPS in Windows Server 2008 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the NPS server uses the first IP address returned in the Domain Name System (DNS) query.

Windows Web Server 2008

NPS is not included in this edition of Windows Server 2008.