网络策略服务器管理与管理工具Network Policy Server Management with Administration Tools

适用于:Windows Server(半年频道)、Windows Server 2016Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016

你可以使用本主题来了解可用于管理 NPSs 的工具。You can use this topic to learn about the tools that you can use to manage your NPSs.

安装 NPS 后,可以管理 NPSs:After you install NPS, you can administer NPSs:

  • 在本地,使用 NPS Microsoft 管理控制台 ( mmc ) 管理单元、"管理工具" 中的静态 NPS 控制台、Windows PowerShell 命令或用于 NPS 的 "网络 Shell ( Netsh" ) 命令。Locally, by using the NPS Microsoft Management Console (MMC) snap-in, the static NPS console in Administrative Tools, Windows PowerShell commands, or the Network Shell (Netsh) commands for NPS.
  • 通过使用 NPS MMC 管理单元、用于 NPS 的 Netsh 命令、用于 NPS 的 Windows PowerShell 命令或远程桌面连接。From a remote NPS, by using the NPS MMC snap-in, the Netsh commands for NPS, the Windows PowerShell commands for NPS, or Remote Desktop Connection.
  • 从远程工作站使用远程桌面连接与其他工具(例如 NPS MMC 或 Windows PowerShell)结合使用。From a remote workstation, by using Remote Desktop Connection in combination with other tools, such as the NPS MMC or Windows PowerShell.

备注

在 Windows Server 2016 中,可以使用 NPS 控制台来管理本地 NPS。In Windows Server 2016, you can manage the local NPS by using the NPS console. 若要同时管理远程和本地 NPSs,必须使用 NPS MMC 管理单元 - 。To manage both remote and local NPSs, you must use the NPS MMC snap-in.

以下各节提供有关如何管理本地和远程 NPSs 的说明。The following sections provide instructions on how to manage your local and remote NPSs.

使用 NPS 控制台配置本地 NPSConfigure the Local NPS by Using the NPS Console

安装了 NPS 后,可以使用此过程通过使用 NPS MMC 来管理本地 NPS。After you have installed NPS, you can use this procedure to manage the local NPS by using the NPS MMC.

管理凭据Administrative Credentials

若要完成此过程,你必须是Administrators组的成员。To complete this procedure, you must be a member of the Administrators group.

使用 NPS 控制台配置本地 NPSTo configure the local NPS by using the NPS console

  1. 在“服务器管理器”中,单击“工具”****,然后单击“网络策略服务器”****。In Server Manager, click Tools, and then click Network Policy Server. 此时将打开 NPS 控制台。The NPS console opens.

  2. 在 NPS 控制台中,单击 "NPS ( 本地" ) 。In the NPS console, click NPS (Local). 在详细信息窗格中,选择 "标准配置" 或 "高级配置",然后根据你的选择执行以下操作之一:In the details pane, choose either Standard Configuration or Advanced Configuration, and then do one of the following based upon your selection:

    • 如果选择 "标准配置",请从列表中选择一个方案,然后按照说明启动配置向导。If you choose Standard Configuration, select a scenario from the list, and then follow the instructions to start a configuration wizard.
    • 如果选择 "高级配置",请单击箭头展开 "高级配置选项",然后根据所需的 NPS 功能(radius 服务器、radius 代理)查看和配置可用选项。If you choose Advanced Configuration, click the arrow to expand Advanced Configuration options, and then review and configure the available options based on the NPS functionality that you want - RADIUS server, RADIUS proxy, or both.

使用 NPS MMC 管理单元管理多个 NPSs -Manage Multiple NPSs by Using the NPS MMC Snap-in

您可以使用此过程通过使用 NPS MMC 管理单元来管理本地 NPS 和多个远程 NPSs - 。You can use this procedure to manage the local NPS and multiple remote NPSs by using the NPS MMC snap-in.

在执行以下过程之前,必须在本地计算机和远程计算机上安装 NPS。Before performing the procedure below, you must install NPS on the local computer and on remote computers.

根据网络条件和使用 NPS MMC 管理单元管理的 NPSs 数量 - ,mmc 管理单元的响应 - 可能会很慢。Depending on network conditions and the number of NPSs you manage by using the NPS MMC snap-in, response of the MMC snap-in might be slow. 此外,通过网络在远程管理会话过程中通过网络发送 NPS 配置流量,方法是使用 "NPS" 管理单元 - 。In addition, NPS configuration traffic is sent over the network during a remote administration session by using the NPS snap-in. 确保你的网络在物理上是安全的,并且恶意用户无权访问此网络流量。Ensure that your network is physically secure and that malicious users do not have access to this network traffic.

管理凭据Administrative Credentials

若要完成此过程,你必须是Administrators组的成员。To complete this procedure, you must be a member of the Administrators group.

使用 NPS 管理单元管理多个 NPSs -To manage multiple NPSs by using the NPS snap-in

  1. 若要打开 MMC,请以管理员身份运行 Windows PowerShell。To open the MMC, run Windows PowerShell as an Administrator. 在 Windows PowerShell 中,键入mmc,然后按 enter。In Windows PowerShell, type mmc, and then press ENTER. 将打开 Microsoft 管理控制台。The Microsoft Management Console opens.
  2. 在 MMC 的 "文件" 菜单上,单击 "添加/删除 - 管理单元"。In the MMC, on the File menu, click Add/Remove Snap-in. "添加或删除管理 - 单元" 对话框将打开。The Add or Remove Snap-ins dialog box opens.
  3. 在 "添加或删除 - 管理单元" 的 "可用的管理单元" - 中,向下滚动列表,单击 "网络策略服务器",然后单击 "添加"。In Add or Remove Snap-ins, in Available snap-ins, scroll down the list, click Network Policy Server, and then click Add. 此时将打开 "选择计算机" 对话框。The Select Computer dialog box opens.
  4. 在 "选择计算机" 中,确认已选中 "本地计算机 ( 运行 ) 此控制台的计算机" ,然后单击 "确定"In Select Computer, verify that Local computer (the computer on which this console is running) is selected, and then click OK. 本地 NPS 的 "管理单元" - 将添加到 "选定的**管理单元 - **" 列表中。The snap-in for the local NPS is added to the list in Selected snap-ins.
  5. 在 "添加或删除 - 管理单元" 中,在 "**可用的管理单元 - **" 中,确保 "网络策略服务器" 仍处于选中状态,然后单击 "添加"。In Add or Remove Snap-ins, in Available snap-ins, ensure that Network Policy Server is still selected, and then click Add. 此时将打开 "选择计算机" 对话框。The Select Computer dialog box opens again.
  6. 在 "选择计算机" 中,单击 "其他计算机",然后键入 ( ) 要使用 "NPS" 管理单元管理的远程 NPS 的 IP 地址或完全限定的域名 FQDN - 。In Select Computer, click Another computer, and then type the IP address or fully qualified domain name (FQDN) of the remote NPS that you want to manage by using the NPS snap-in. 还可以单击 "浏览" 细读要添加的计算机的目录。Optionally, you can click Browse to peruse the directory for the computer that you want to add. 单击“确定”。Click OK.
  7. 重复步骤5和步骤6,将更多 NPSs 添加到 NPS 管理单元 - 。Repeat steps 5 and 6 to add more NPSs to the NPS snap-in. 添加要管理的所有 NPSs 后,单击 "确定"When you have added all the NPSs you want to manage, click OK.
  8. 若要保存 NPS 管理单元以供以后使用,请单击 "文件",然后单击 "保存"。To save the NPS snap-in for later use, click File, and then click Save. 在 "另存为" 对话框中,浏览到要保存文件的硬盘位置,键入 Microsoft 管理控制台 ( .msc 文件的名称 ) ,然后单击 "保存"。In the Save As dialog box, browse to the hard disk location where you want to save the file, type a name for your Microsoft Management Console (.msc) file, and then click Save.

使用远程桌面连接管理 NPSManage an NPS by Using Remote Desktop Connection

您可以使用此过程通过远程桌面连接来管理远程 NPS。You can use this procedure to manage a remote NPS by using Remote Desktop Connection.

通过使用远程桌面连接,你可以远程管理运行 Windows Server 2016 的 NPSs。By using Remote Desktop Connection, you can remotely manage your NPSs running Windows Server 2016. 还可以从运行 Windows 10 或更早版本的 Windows 客户端操作系统的计算机上远程管理 NPSs。You can also remotely manage NPSs from a computer running Windows 10 or earlier Windows client operating systems.

可以使用远程桌面连接通过以下两种方法之一来管理多个 NPSs。You can use Remote Desktop connection to manage multiple NPSs by using one of two methods.

  1. 分别创建与每个 NPSs 的远程桌面连接。Create a Remote Desktop connection to each of your NPSs individually.
  2. 使用远程桌面连接到一个 NPS,然后使用该服务器上的 NPS MMC 来管理其他远程服务器。Use Remote Desktop to connect to one NPS, and then use the NPS MMC on that server to manage other remote servers. 有关详细信息,请参阅上一节使用 NPS mmc 管理单元管理多个 - NPSsFor more information, see the previous section Manage Multiple NPSs by Using the NPS MMC Snap-in.

管理凭据Administrative Credentials

若要完成此过程,您必须是 NPS 上 Administrators 组的成员。To complete this procedure, you must be a member of the Administrators group on the NPS.

使用远程桌面连接管理 NPSTo manage an NPS by using Remote Desktop Connection

  1. 在要远程管理的每个 NPS 上,在服务器管理器中,选择 "本地服务器"。On each NPS that you want to manage remotely, in Server Manager, select Local Server. 在 "服务器管理器详细信息" 窗格中,查看 "远程桌面" 设置,然后执行以下操作之一。In the Server Manager details pane, view the Remote Desktop setting, and do one of the following.
    1. 如果 "远程桌面" 设置的值为 "已启用",则无需执行此过程中的某些步骤。If the value of the Remote Desktop setting is Enabled, you do not need to perform some of the steps in this procedure. 跳到步骤4,开始配置远程桌面用户权限。Skip down to Step 4 to start configuring Remote Desktop User permissions.
    2. 如果 "远程桌面" 设置处于禁用状态,请单击 "已禁用"。If the Remote Desktop setting is Disabled, click the word Disabled. "系统属性" 对话框将在 "远程" 选项卡上打开。The System Properties dialog box opens on the Remote tab.
  2. 远程桌面中,单击 "允许远程连接到此计算机"。In Remote Desktop, click Allow remote connections to this computer. 此时将打开 "远程桌面连接" 对话框。The Remote Desktop Connection dialog box opens. 执行下列操作之一:Do one of the following.
    1. 若要自定义允许的网络连接,请单击 "高级安全 Windows 防火墙",然后配置你希望允许的设置。To customize the network connections that are allowed, click Windows Firewall with Advanced Security, and then configure the settings that you want to allow.
    2. 若要为计算机上的所有网络连接启用远程桌面连接,请单击 "确定"To enable Remote Desktop Connection for all network connections on the computer, click OK.
  3. 在 "系统属性" 中的 "远程桌面" 中,决定是启用 "仅允许从运行远程桌面的计算机连接" 网络级别身份验证,然后进行选择。In System Properties, in Remote Desktop, decide whether to enable Allow connections only from computers running Remote Desktop with Network Level Authentication, and make your selection.
  4. 单击 "选择用户"。Click Select Users. "远程桌面用户" 对话框将打开。The Remote Desktop Users dialog box opens.
  5. 在 "远程桌面用户" 中,若要向用户授予远程连接到 NPS 的权限,请单击 "添加",然后键入用户帐户的用户名。In Remote Desktop Users, to grant permission to a user to connect remotely to the NPS, click Add, and then type the user name for the user's account. 单击“确定”。Click OK.
  6. 对于要向其授予对 NPS 的远程访问权限的每个用户,请重复步骤5。Repeat step 5 for each user for whom you want to grant remote access permission to the NPS. 添加完用户后,请单击 "确定" 关闭 "远程桌面用户" 对话框,然后再次单击 "确定" 关闭 "系统属性" 对话框。When you're done adding users, click OK to close the Remote Desktop Users dialog box and OK again to close the System Properties dialog box.
  7. 若要使用前面的步骤连接到已配置的远程 NPS,请单击 "开始",向下滚动按字母顺序排列的列表,然后单击 " Windows 附件",然后单击 "远程桌面连接"。To connect to a remote NPS that you have configured by using the previous steps, click Start, scroll down the alphabetical list and then click Windows Accessories, and click Remote Desktop Connection. 此时将打开 "远程桌面连接" 对话框。The Remote Desktop Connection dialog box opens.
  8. 在 "远程桌面连接" 对话框的 "计算机" 中,键入 NPS 名称或 IP 地址。In the Remote Desktop Connection dialog box, in Computer, type the NPS name or IP address. 如果需要,请单击 "选项",配置其他连接选项,然后单击 "保存" 以保存连接以重复使用。If you prefer, click Options, configure additional connection options, and then click Save to save the connection for repeated use.
  9. 单击 "连接",然后在出现提示时,提供有权登录并配置 NPS 的帐户的用户帐户凭据。Click Connect, and when prompted provide user account credentials for an account that has permissions to log on to and configure the NPS.

使用 Netsh NPS 命令管理 NPSUse Netsh NPS commands to manage an NPS

可以使用 Netsh NPS 上下文中的命令显示和设置 NPS 和远程访问服务使用的身份验证、授权、记帐和审核数据库的配置。You can use commands in the Netsh NPS context to show and set the configuration of the authentication, authorization, accounting, and auditing database used both by NPS and the Remote Access service. 使用 Netsh NPS 上下文中的命令来执行以下操作:Use commands in the Netsh NPS context to:

  • 配置或重新配置 NPS,包括也可通过在 Windows 界面中使用 NPS 控制台进行配置的 NPS 的所有方面。Configure or reconfigure an NPS, including all aspects of NPS that are also available for configuration by using the NPS console in the Windows interface.
  • 将源服务器) (包括注册表项和 NPS 配置存储) (一个 NPS 的配置导出为 Netsh 脚本。Export the configuration of one NPS (the source server), including registry keys and the NPS configuration store, as a Netsh script.
  • 使用 Netsh 脚本和源 NPS 中的导出配置文件,将配置导入到另一个 NPS。Import the configuration to another NPS by using a Netsh script and the exported configuration file from the source NPS.

你可以从 Windows Server 2016 命令提示符或 Windows PowerShell 中运行这些命令。You can run these commands from the Windows Server 2016 Command Prompt or from Windows PowerShell. 你还可以在脚本和批处理文件中运行 netsh nps 命令。You can also run netsh nps commands in scripts and batch files.

管理凭据Administrative Credentials

若要执行此过程,您必须是本地计算机 Administrators 组的成员。To perform this procedure, you must be a member of the Administrators group on the local computer.

在 NPS 上输入 Netsh NPS 上下文To enter the Netsh NPS context on an NPS

  1. 打开 "命令提示符" 或 "Windows PowerShell"。Open Command Prompt or Windows PowerShell.
  2. 键入netsh,然后按 enter。Type netsh, and then press ENTER.
  3. 键入nps,然后按 enter。Type nps, and then press ENTER.
  4. 若要查看可用命令的列表,请键入问号 ( ? ) ,然后按 enter。To view a list of available commands, type a question mark (?) and press ENTER.

有关 Netsh NPS 命令的详细信息,请参阅Windows Server 2008 中的网络策略服务器的 Netsh 命令,或从 TechNet 库下载完整的netsh 技术参考For more information about Netsh NPS commands, see Netsh Commands for Network Policy Server in Windows Server 2008, or download the entire Netsh Technical Reference from TechNet Gallery. 此下载是适用于 Windows Server 2008 和 Windows Server 2008 R2 的完整网络 Shell 技术参考。This download is the full Network Shell Technical Reference for Windows Server 2008 and Windows Server 2008 R2. 格式为 ( zip 文件中的 Windows Help * .chm ) 。The format is Windows Help (*.chm) in a zip file. 这些命令仍然存在于 Windows Server 2016 和 Windows 10 中,因此你可以在这些环境中使用 netsh,但建议使用 Windows PowerShell。These commands are still present in Windows Server 2016 and Windows 10, so you can use netsh in these environments, although using Windows PowerShell is recommended.

使用 Windows PowerShell 管理 NPSsUse Windows PowerShell to manage NPSs

可以使用 Windows PowerShell 命令来管理 NPSs。You can use Windows PowerShell commands to manage NPSs. 有关详细信息,请参阅下面的 Windows PowerShell 命令参考主题。For more information, see the following Windows PowerShell command reference topics.

有关 NPS 管理的详细信息,请参阅管理网络策略服务器 (NPS) For more information about NPS administration, see Manage Network Policy Server (NPS).