Network Policies

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

You can use this topic for an overview of network policies in NPS.

Note

In addition to this topic, the following network policy documentation is available.

Network policies are sets of conditions, constraints, and settings that allow you to designate who is authorized to connect to the network and the circumstances under which they can or cannot connect.

When processing connection requests as a Remote Authentication Dial-In User Service (RADIUS) server, NPS performs both authentication and authorization for the connection request. During the authentication process, NPS verifies the identity of the user or computer that is connecting to the network. During the authorization process, NPS determines whether the user or computer is allowed to access the network.

To make these determinations, NPS uses network policies that are configured in the NPS console. NPS also examines the dial-in properties of the user account in Active Directory® Domain Services (AD DS) to perform authorization.

Network Policies - An Ordered Set of Rules

Network policies can be viewed as rules. Each rule has a set of conditions and settings. NPS compares the conditions of the rule to the properties of connection requests. If a match occurs between the rule and the connection request, the settings defined in the rule are applied to the connection.

When multiple network policies are configured in NPS, they are an ordered set of rules. NPS checks each connection request against the first rule in the list, then the second, and so on, until a match is found.

Each network policy has a Policy State setting that allows you to enable or disable the policy. When you disable a network policy, NPS does not evaluate the policy when authorizing connection requests.

Note

If you want NPS to evaluate a network policy when performing authorization for connection requests, you must configure the Policy State setting by selecting the Policy enabled check box.

Network policy properties

There are four categories of properties for each network policy:

Overview

These properties allow you to specify whether the policy is enabled, whether the policy grants or denies access, and whether a specific network connection method, or type of network access server (NAS), is required for connection requests. Overview properties also allow you to specify whether the dial-in properties of user accounts in AD DS are ignored. If you select this option, only the settings in the network policy are used by NPS to determine whether the connection is authorized.

Conditions

These properties allow you to specify the conditions that the connection request must have in order to match the network policy; if the conditions configured in the policy match the connection request, NPS applies the settings designated in the network policy to the connection. For example, if you specify the NAS IPv4 address as a condition of the network policy and NPS receives a connection request from a NAS that has the specified IP address, the condition in the policy matches the connection request.

Constraints

Constraints are additional parameters of the network policy that are required to match the connection request. If a constraint is not matched by the connection request, NPS automatically rejects the request. Unlike the NPS response to unmatched conditions in the network policy, if a constraint is not matched, NPS denies the connection request without evaluating additional network policies.

Settings

These properties allow you to specify the settings that NPS applies to the connection request if all of the network policy conditions for the policy are matched.
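
The evaluation order described above (list order, Policy State, conditions, then constraints) as a simplified Python model. This is an added example, not NPS code or part of the original page; the attribute names (`nas_ipv4`, `auth_method`), policy names and sample values are constructed for illustration, exact-value matching stands in for NPS condition matching, and the AD DS dial-in properties are left out.

```python
from dataclasses import dataclass, field

@dataclass
class NetworkPolicy:
    name: str
    grant: bool                                       # Overview: grant or deny access
    conditions: dict                                  # attribute -> value that must match
    constraints: dict = field(default_factory=dict)
    settings: dict = field(default_factory=dict)
    enabled: bool = True                              # Policy State

def matches(required, request):
    """True when every required attribute has the required value in the request."""
    return all(request.get(k) == v for k, v in required.items())

def authorize(policies, request):
    """Return (decision, policy name, applied settings) for one connection request."""
    for policy in policies:                           # list order is evaluation order
        if not policy.enabled:
            continue                                  # disabled: not evaluated
        if not matches(policy.conditions, request):
            continue                                  # conditions unmatched: next policy
        if not matches(policy.constraints, request):
            return ("reject", policy.name, {})        # constraint unmatched: stop here
        if not policy.grant:
            return ("reject", policy.name, {})        # matched a deny policy
        return ("accept", policy.name, dict(policy.settings))
    # No policy matched. This page does not cover that case; the model rejects.
    return ("reject", None, {})

# Constructed sample data (192.0.2.0/24 is a documentation address range).
POLICIES = [
    NetworkPolicy("Strict-EAP", True,
                  conditions={"nas_ipv4": "192.0.2.10"},
                  constraints={"auth_method": "EAP"},
                  settings={"session_timeout": 3600}),
    NetworkPolicy("Permissive", True,
                  conditions={"nas_ipv4": "192.0.2.10"},
                  settings={"session_timeout": 600}),
]

if __name__ == "__main__":
    for method in ("EAP", "PAP"):
        req = {"nas_ipv4": "192.0.2.10", "auth_method": method}
        print(method, authorize(POLICIES, req))
```

With `Strict-EAP` enabled, a PAP request is rejected at that policy and `Permissive` is never consulted; disabling `Strict-EAP` lets the same request fall through to `Permissive` and be accepted, which is why reordering or disabling a policy deserves the same review as editing one.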

When you add a new network policy by using the NPS console, you must use the New Network Policy Wizard. After you have created a network policy by using the wizard, you can customize the policy by double-clicking the policy in the NPS console to obtain the policy properties.

For examples of pattern-matching syntax to specify network policy attributes, see Use Regular Expressions in NPS.

For more information about NPS, see Network Policy Server (NPS).