Network Policy Server (NPS) is Microsoft’s solution for enforcing company-wide access policies, including remote authentication. Being able to configure NPS is a key domain of MCSA Exam 70-741, Administering Windows Server 2016, and a must-have job skill for Windows network administrators. This article walks you through the steps to install and configure Windows Server 2016 network policy using NPS, and prepares you for this aspect of MCSA certification. It will help you set up a VPN for secure remote connectivity, install and configure NPS, configure RADIUS clients, and set up Network Access Protection (NAP) to evaluate connection requests.
- Installing and configuring NPS
- Configuring RADIUS clients
- Configuring NAP
Step 1. Install Network Policy Server 2016
You can use this procedure to install Network Policy Server (NPS) by using the Add Roles Wizard. NPS is a role service of the Network Policy and Access Services server role. To install the Network Policy and Access Services server role, follow these steps.
1. Click Start, and then click Server Manager. In the left pane of Server Manager, click Roles, and in the details pane, in Roles Summary, click Add Roles. The Add Roles Wizard opens.
2. If you see the Before you begin page, click Next to open the Select installation type page, select Role-based or feature-based installation, and click Next.
3. On the Select destination server page, choose Select a server from the server pool, and then select the server that will host the role. Click Next.
4. In Select Server Roles, in Roles, select Network Policy and Access Services, and then click Next.
5. On the Features page, leave the default selection and then click Next to open the Network Policy and Access Services page. Read the information on that page and then click Next.
6. Click Next as required until the Confirm installation selections page is displayed.
7. Click Install. When installation is complete, review your installation results in Installation Results, and then click Close.
Configure Network Policy Server 2016
Network Policy Server (NPS) allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following three features:
– RADIUS Server
– RADIUS Proxy
– Network Access Protection (NAP) policy server
In the next step, we explain how to configure NPS on Windows Server 2016.
Step 2. Configure RADIUS server for VPN
After NPS is installed, give it a basic configuration: set a friendly name, the IP address and a shared secret for the RADIUS client, which here is the virtual private network (VPN) server.
1. Open the Network Policy Server console from Server Manager or by typing nps.msc at an elevated command prompt.
2. In the Standard Configuration pane, select RADIUS server for Dial-Up or VPN Connections from the list.
3. Click Configure VPN or Dial-Up. Select Virtual Private Network (VPN) Connections and click Next to accept the default text for the connection.
4. On the Specify Dial-Up or VPN Server page, click Add if you want to add a RADIUS client.
5. On the New RADIUS Client page, enter a name in the Friendly name box. Then enter the IP address or DNS name of the VPN server (the RADIUS client). Click Verify.
6. In the Verify Address dialog box, click Resolve to verify that the name or IP address can be resolved.
7. Click OK to return to the New RADIUS Client dialog box.
8. In the Shared Secret section of the New RADIUS Client dialog box, click Manual to type in a shared secret yourself, or click Generate to generate a very long, random shared secret. After you decide which method to use, click OK.
9. Click Next to open the Configure Authentication Methods page. Select Microsoft Encrypted Authentication version 2 (MS-CHAPv2).
10. Click Next. On the Specify User Groups page, select the security group that should be allowed to connect via VPN. Click Next.
11. On the Specify IP Filters page, you can specify input and output filters for IPv4, IPv6, or both. You can choose from a filter template or specify the filters directly.
12. On the next page of the wizard, you will have to select the level of encryption that will be supported. Uncheck any encryption levels you don’t need, and click Next.
13. On the Specify a Realm Name page, you can specify a realm name that an ISP can use to determine which connections should be routed to this server.
14. Click Next, confirm the settings, and then click Finish to complete the wizard.
15. After you click Finish, the new policies will show up in the Policies node of the NPS management console, under Connection Request Policies and Network Policies.
The RADIUS clients that you configured through the wizard will show up in the RADIUS Clients node. You now know how to configure Network Policy Server (NPS) on Windows Server 2016.
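The role installation from Step 1 and the RADIUS client registration from Step 2 can also be scripted. The following PowerShell is an added example, not part of the original article: it installs the role, generates a long random shared secret, and registers the VPN server as a RADIUS client. The client name, address and secret length are assumed sample values, and New-RadiusSharedSecret is a hypothetical helper defined in the block.

```powershell
# Scripted equivalent of Steps 1 and 2; run in an elevated PowerShell session.
# Assumed sample values (not from the article) - replace with your own.
$ClientName    = 'VPN-Gateway-01'   # friendly name for the RADIUS client
$ClientAddress = '192.0.2.10'       # VPN server address (documentation range)
$SecretLength  = 64                 # characters in the generated shared secret

# Step 1: install the Network Policy and Access Services role and its console.
$result = Install-WindowsFeature -Name NPAS -IncludeManagementTools
if (-not $result.Success) { throw 'NPAS role installation failed.' }

# Step 2 (shared secret): counterpart of the wizard's Generate button, drawing
# every character from the operating system's cryptographic RNG.
function New-RadiusSharedSecret {
    param([int]$Length = 64)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
    $rng      = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte     = New-Object byte[] 1
    $secret   = New-Object System.Text.StringBuilder
    # Rejection sampling: drop bytes that would bias the modulo step.
    $limit = 256 - (256 % $alphabet.Length)
    try {
        while ($secret.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) {
                [void]$secret.Append($alphabet[$byte[0] % $alphabet.Length])
            }
        }
    } finally { $rng.Dispose() }
    $secret.ToString()
}

# Step 2 (RADIUS client): register the VPN server unless it already exists.
if (Get-NpsRadiusClient | Where-Object Name -eq $ClientName) {
    Write-Warning "RADIUS client '$ClientName' already exists; left unchanged."
} else {
    # $sharedSecret must also be entered on the VPN server; keep it in a
    # secrets vault rather than in the script or the console history.
    $sharedSecret = New-RadiusSharedSecret -Length $SecretLength
    New-NpsRadiusClient -Name $ClientName -Address $ClientAddress `
        -SharedSecret $sharedSecret | Out-Null
}

# Confirm the client is listed, without displaying its shared secret.
Get-NpsRadiusClient | Where-Object Name -eq $ClientName |
    Select-Object Name, Address, Enabled
```

The script only creates the RADIUS client; the wizard's remaining choices (authentication method, user groups, IP filters, encryption) still have to be made in the NPS console.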
We began our discussion of NPS by covering how to install and configure network policy in Windows Server 2016. Next time, we’ll talk about how to use the Advanced Configuration option (how to configure RADIUS server groups and how to configure a RADIUS proxy). I hope you learned something new from this article. If you face any issue with the configuration, please comment here and we will help you as soon as possible.