We continue our in-depth discussion of how to deploy an IPSec NAP health policy, the example network, and the main steps needed to make NAP and IPSec policy work. This part covers how to install and configure a Network Policy Server, health registration authorization management, and a subordinate CA.
How to install and configure a Network Policy Server, health registration authorization management, and a subordinate CA
Now let's turn our attention to the Network Policy Server. A Network Policy Server, or NPS machine, plays the role of a RADIUS server. NPS is the new name for the former Microsoft Internet Authentication Service (IAS), and the new NPS server has two components: a RADIUS component (including new support for NAP) and an RRAS component. We are not interested in the RRAS component here, so we will not discuss how to install RRAS in this configuration.
We need to follow these steps to install and configure the NPS server, health registration authorization management, and a subordinate CA on the machine:
Add the Network Policy Server to the NAP exemption group
Restart the Network Policy Server
Request a computer certificate for the Network Policy Server
View the computer and health certificates installed on the Network Policy Server
Install the Network Policy Server, health registration authorization management, and a subordinate CA
Configure the subordinate CA on the Network Policy Server
Enable permissions for health registration authorization management to request, issue, and manage certificates
Configure health registration authorization management to use the subordinate CA to issue health certificates
Now let's look at each of these steps in detail.