Configure Network Policy for Full Enforcement

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Full enforcement is one of the three primary phases of a NAP deployment. With full enforcement, noncompliant computers are denied access to the network. This phase introduces the greatest impact to users. By this stage of the deployment, you should fully understand the reporting data so that the business impact of restricting noncompliant computers can be anticipated and appropriate resources are in place. It is critical that you monitor daily NAP statistics and trends during this stage.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

Configure network policy full enforcement

To implement full enforcement, use a NAP enforcement setting of Allow limited access in noncompliant network policy.

To configure network policy for full enforcement

  1. Click Start, click Run, type nps.msc, and then press ENTER.

  2. In the Network Policy Server console tree, open Policies\Network Policies.

  3. In the details pane, under Policy Name, double-click the name of the network policy for noncompliant NAP client computers.

  4. In the policy properties window, on the Settings tab, click NAP Enforcement, choose Allow limited access, and then click OK. See the following example.

  5. Close the NPS console.

See Also


Configure Network Policy for Reporting Mode
Configure Network Policy for Deferred Enforcement