Windows 2008 Network Access Protection feature application

Source: Internet
Author: User

If a computer on a local area network is infected with a virus, there is a risk that all computers will be "infected" by the entire LAN. In order to control the access security of the common computer in the LAN, we can use the Special Network Access Protection function of Win2008 system to prohibit the computer that exists the security threat from freely accessing the LAN network, the following is the concrete realization operation steps:

First installs the Network Access Protection function; Open the Start menu of the Win2008 system, select Programs/Administrative Tools/Server Manager commands, click the Roles node option from the left area of the Server Manager window that appears, and click on the right display area of the node Add roles feature, open the Role Add Wizard window, follow the prompts to select the network policy and Access services item, click the Install button, and then follow the wizard defaults to complete the Network Access Protection feature installation task;

Second, create health and safety standards; We can click the Server Manager button in the system tray to select roles, network Policy and access services, NPS, network Access Protection, System Health validator, from the left area of the Server Manager window that pops up. Node option, and then click the Properties button in the right area of the target option, open the Security Health Verification dialog box, click the Configure button, and select a number of health and safety standards, such as the normal antivirus application enabled, firewall enabled for all network connections, and antivirus programs up to date. Any future computers that need to be connected to the local area network must meet the above health standards, and the Win2008 system will consider it a healthy and safe computer.

Next, you create a security validation policy, and when you create a healthy security validation policy, we can first position the mouse over the Network Policy server node option in the left area of the Server Manager window, and then expand the policy, health policy branch from the target node, and then click the New button under the target branch. Set the new policy name to healthy computer from the pop-up Security Validation Policy dialog box. Set the client SHV check parameter to the client has passed all SHV checks, select the SHV used in this health policy as Windows Security Health Verifier, and then click OK button to end healthy security validation policy creation operation; In the same procedure, we can also create an unhealthy security verification policy, only when we create this policy, we must select the client SHV check parameter as "The client failed to pass one or more SHV checks." The rest of the parameters are identical to the above;

Create a new network connection policy below; Set the mouse over the network policy and Access Services node on the left side of the Server Manager window and click the "NPS", "policy", "Network Policy" option from the node below, and select the "New" button below the target option. A Network Connection Policy wizard window appears on the system screen as shown in Figure 2. Here, set the policy Name argument to healthy connections, select the Network access server type option as DHCP server, and then click the Add button from the subsequent interface, and select criteria Select the healthy computer Policy that was previously created. Follow the wizard's default prompts to select the granted access permission, perform only computer health check setting option, and then set the policy settings parameter to NAP enforcement allow full network access, and click Finish button to end the network connection policy creation work. And then follow the same procedure, we create an "unhealthy connection" network policy, but in doing so we must select the "Select Criteria" argument as the "unhealthy computer" policy, and set the policy settings argument to the Deny access option, with the remaining parameters identical to the above;

Finally, the DHCP service function needs to be set up, considering that the normal computer needs to contact the DHCP server in the local area network first, so we must set up the appropriate DHCP service parameters. Ensure that all computers ' Internet connection requests are transferred to the WIN2008 system's Network Access Protection function through DHCP function. Click Start/Program/Administrative Tools/Server Manager/DHCP options in the server System desktop, and then enter the DHCP Server console interface, open the property interface for the target scope, click the Network Access Protection tab in the interface, and select in the corresponding Options settings page. Enable the option for this scope, select the Use default network Access Protection profile, and then click OK to perform the settings save operation.

After completing the tasks above, we only need to set up the normal computer in the LAN network to "automatically obtain IP address", then the network connection of this computer will be controlled by the WIN2008 System Network Access Protection function, So the network virus or Trojan horse will not be able to "infect" the other common computer through the LAN network, at this time the entire LAN network operation security can be effectively guaranteed.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.