Turn on win2008 Network Access Protection

1, the installation of Network Access Protection function; Open the Win2008 system's Start menu, select Programs/Administrative Tools/Server Manager commands from the following, click the Roles node option from the left area of the Server Manager window that appears, and click the Add Role feature on the right display area of the node that you want to have. Open the Role Add Wizard window, follow the prompts to select the network policy and Access services item, click the Install button, and then follow the wizard defaults to complete the Network Access Protection feature installation task;

　　2, the establishment of health and safety standards ; When you do this, you can click the Server Manager button in the system tray to select roles, network Policy and access services, NPS, network Access Protection, and then from the left area of the Server Manager window that pops up. System Health Verifier node option, and then click the Properties button in the right area of the target option, open the Security Health Verification dialog box, click the Configure button, and select a number of health and safety standards, such as the normal antivirus application enabled, firewall enabled for all network connections, and antivirus programs up to date. Any future computers that need to be connected to the local area network must meet the above health standards, and the Win2008 system will consider it a healthy and safe computer.

　　3, the creation of security verification strategy; When you create a healthy security validation policy, we can first position the mouse over the Network Policy server node option in the left area of the Server Manager window, and then expand the policy, health policy branch from the target node, and then click the New button under the target branch. Set the new policy name to healthy computer from the pop-up Security Validation Policy dialog box. Set the client SHV check parameter to the client has passed all SHV checks, select the SHV used in this health policy as Windows Security Health Verifier, and then click OK button to end healthy security validation policy creation operation; In the same procedure, we can also create an unhealthy security verification policy, only when we create this policy, we must select the client SHV check parameter as "The client failed to pass one or more SHV checks." The rest of the parameters are identical to the above;

　　4, create a new network connection strategy; Set the mouse first on the network policy and Access Services node on the left side of the Server Manager window. and select the "NPS", "policy", "Network Policy" option from under the node, click the New button under the target option, and a Network Connection Policy wizard window appears on the system screen; Here, set the policy Name argument to healthy connections. Select the Network access server type option as DHCP server, and then click the Add button from the following interface, select Select Criteria to be a previously created healthy computer Policy, and then follow the wizard's default prompts to choose one point at a time. Access granted, perform only the computer Health Check setting option, and finally set the policy settings parameter to NAP enforcement allow full network access, and click Finish to end network connection policy creation. And then follow the same procedure, we create an "unhealthy connection" network policy, but in doing so we must select the "Select Criteria" argument as the "unhealthy computer" policy, and set the policy settings argument to the Deny access option, with the remaining parameters identical to the above;

　　5, the DHCP service function to set; Considering the normal computer to access the network, the first need to contact the DHCP server in the local area network, so we must set up the appropriate DHCP service parameters to ensure that all the computer's Internet connection requests through the DHCP function to the WIN2008 system to the network Access Protection function to handle. Click Start/Program/Administrative Tools/Server Manager/DHCP options in the server System desktop, and then enter the DHCP Server console interface, open the property interface for the target scope, click the Network Access Protection tab in the interface, and select in the corresponding Options settings page. Enable the option for this scope, select the Use default network Access Protection profile, and then click OK to perform the settings save operation.

With the above five steps, the user can easily open the network access function under the windows2008 system, so long as the computer with the threat is connected to the network, it will be controlled by the WIN2008 Network Access Protection function, so as to avoid infecting the virus to other computers. Ensure the network security within the LAN.