How to Install and Configure Network Policy Server 2016
In This article we are going to show you, how to install and configure Network Policy Server 2016, Network Policy Server is available Windows Server 2012, 2012 R2 and Windows Server 2016. Network Policy Server (NPS) enables you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization.
Install Network Policy Server 2016
You can use this procedure to install Network Policy Server (NPS) by using the Add Roles Wizard. NPS is a role service of the Network Policy and Access Services server role. To install Network Policy and Access Services server role, follow these steps.
1. ClickStart, and then click Server Manager. In the left pane of Server Manager, click Roles, and in the details pane, in Roles Summary, click Add Roles. The Add Roles Wizard opens.
2. If you see the before you begin page, click next to open Select installation type page, select Rule-based or Feature-based installation and click next.
3. On the Select destination Server interface, choose a select server from the Server Pool and then select the server that will host the role. Click Next.
4. InSelect Server Roles, in Roles, select Network Policy and Access Services, and then click Next.
5. On the Feature Window, leave the default selection and then click Next to open Network Policy and Access Services page,read the Network policy and access services page and then click next.
6. Click Next as required until theconfirm installation selections page is displayed.
7. Click Install, when installation is complete inInstallation Results, review your installation results, and then click Close.
Configure Network Policy server 2016
Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization. In addition, you can use NPS as a Remote Authentication Dial-In User Service (RADIUS) proxy to forward connection requests to a server running NPS or other RADIUS servers that you configure in remote RADIUS server groups
Configure RADIUS server for VPN
After NPS is installed, you have to so basic configuration, set a friendly name, the IP address and a shared secret with the virtual private network (VPN) client.
1. Open the Network Policy Server console, from server manager or by typing NPS.MSC at an elevated command prompt.
2. In the standard Configuration pane, select Radius server for Dial-UP or VPN connection from the list.
3. Click Configure VPN or Dial-Up. Select Virtual Private Network (VPN) Connection and click next to accept the default text for the connection.
4. On the Specify Dial-UP or VPN Server page, click add to add a RADIUS Client if you want to add.
5. On the New RADIUS Client page, enter a name in the Friendly name box. Then enter the IP address or DNS name of the VPN Server (RADUIS CLIENT). Click Verify
6. In the verify Address dialog box, click resolve to verify that the name or IP address can be resolved.
7. Click Ok to return to the New RADIUS Client dialog box.
8. In the shared Secret section of the NEW Radius Client dialog box, select Manual to type in a manual shared secret. Or select Generate and then click Generate to generate very long, random shared secret.
9. Click Ok to add the RADIUS CLIENT. Click add to add additional client, Edit to change the setting for a client, or remove to remove a client from the list of supported RADUIS CLIENT.
10. Click next to open Configure Authentication Methods page, Select the Microsoft Encrypted Authentication Version 2 (MS-CHAPv2).
11. Click Next; on the Specify User Groups page, Select the security group that should be allowed to connect via VPN. Click next.
12. On the Specify IP Filters page, you can specify input and output filter for IPV4, IPV6, or for both. You can choose from a filter template or specify directly.
13. Click Next to specify the level of encrypt that will be supported:
- Basic Encryption (MPPE 40-bit)
- Strong Encryption (MPPE 56-bit)
- Strongest Encryption (MPPE 128-bit)
14. Deselect any Encryption levels you don’t need to support and click next.
15. On the Specify a Realm Name page, in specify realm name you can specify a realm name that an ISP can use to specify which connection should be routed to this server.
16. Click Next, Confirm the settings, and then click finish to complete the wizard.
17. After you clickFinish, the new policies will show up in the Policies nodes of the NPS management console, under Connect Request Policies and Network Policies.
Your RADIUS clients that you configured through the wizard will show up in the RADIUS Clients node.
Conclusion: we began our discussion of RADIUS and how to configure the NPS to act as a RADIUS server. We covered the steps of the configuration wizard this time, and next time we’ll talk about how to use the Advanced Configuration option, how to configure RADIUS server groups and how to configure a RADIUS proxy. Hope you understand something from this article, if you any question from this article you can leave you feedback in comment bellow.