Enabling NAP on VPN clients

This topic describes how to configure virtual private network (VPN) clients to work with Network Access Protection (NAP) enforcement. This includes the following tasks:

  • Enabling the remote access quarantine enforcement client
  • Enabling and starting the NAP agent service
  • Modifying VPN connections
  • Accommodating clients not capable of using NAP (optional)

Enabling the remote access quarantine enforcement client

The NAP VPN enforcement method requires that the remote access quarantine enforcement client is enabled on all NAP client computers.

To enable the remote access quarantine enforcement client

  1. Click Start, click All Programs, click Accessories, and then click Run.
  2. Type napclcfg.msc, and then press ENTER.
  3. On the console, in the tree, click Enforcement Clients.
  4. In the details pane, right-click Remote Access Quarantine Enforcement Client, and then click Enable.

Enabling and starting the NAP agent service

By default, the Network Access Protection Agent service on computers running Windows Vista is configured with a startup type of Manual. Each client must be configured so that the Network Access Protection Agent service starts automatically, and the service must be started.

To enable and start the NAP agent service

  1. Click Start, click Control Panel, click System and Maintenance, and then click Administrative Tools.
  2. Double-click Services.
  3. In the services list, double-click Network Access Protection Agent.
  4. In the Network Access Protection Agent Properties dialog box, change the Startup type to Automatic, and then click Start.
  5. Wait for the NAP agent service to start, and then click OK.
  6. Close the Services console, Administrative Tools, and System and Maintenance windows.

Modifying VPN connections
To modify VPN connections

  1. Click Start, click Run, type NCPA.cpl, and then press ENTER.
  2. In the Network Connections window, right-click the appropriate VPN connection, click Properties, and then click the Security tab.
  3. Confirm that Advanced (custom settings) is selected, and then click Settings.
  4. For Logon security, select Use Extensible Authentication Protocol (EAP) and Protected EAP (PEAP) (encryption enabled), and then click Properties.
  5. Click Configure, and then click OK.
  6. Under Select Authentication Method, click either Secured password (MS-CHAP v2) or Smart Card or other certificate, depending on your deployment.
  7. Select Enable Quarantine checks.
  8. In the VPN Connection Properties window, click OK three times.
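The first two procedures above (enabling the Remote Access Quarantine Enforcement Client and setting the NAP agent service to start automatically) can be scripted for rollout to many clients. The following is an added example and is not part of the original post; it uses the netsh nap context and the Services cmdlets that ship with Windows. The enforcement client ID 79618 is the documented ID of the Remote Access Quarantine Enforcement Client, and napagent is the short service name of the Network Access Protection Agent; confirm both on your build before relying on them. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post). Enables the VPN (remote access)
# NAP enforcement client, makes the NAP agent start automatically, starts it,
# and then verifies the result. Requires an elevated prompt.

# 79618 is the documented ID of the Remote Access Quarantine Enforcement
# Client. Verify it with "netsh nap client show configuration", which lists
# every enforcement client together with its ID.
$vpnEnforcementClientId = 79618

# Step 1 equivalent of the napclcfg.msc procedure: enable the enforcement client.
netsh nap client set enforcement ID=$vpnEnforcementClientId ADMIN="ENABLE"

# Step 2 equivalent of the Services console procedure: startup type Automatic,
# then start the service. "napagent" is the service's short name; its display
# name is "Network Access Protection Agent".
Set-Service -Name napagent -StartupType Automatic
Start-Service -Name napagent

# Verification: the service must be running and the enforcement client must
# show as enabled, otherwise the client will never be placed on the NAP
# compliant network.
$svc = Get-Service -Name napagent
if ($svc.Status -ne 'Running') {
    throw "NAP agent service is not running (status: $($svc.Status))"
}
if ($svc.StartType -ne 'Automatic') {
    throw "NAP agent service startup type is $($svc.StartType), expected Automatic"
}

# Shows each enforcement client and whether it is enabled and initialized.
netsh nap client show state
```

The modified VPN connection itself (steps 1 to 8 of "Modifying VPN connections") is still configured per connection; the Enable Quarantine checks option is what makes the connection send a statement of health, so a client that passes the two checks above but has the option cleared on its VPN connection will not be evaluated by NPS.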

Accommodating clients not capable of using NAP (optional)

Clients running other operating systems can be accommodated in a NAP deployment. These clients should connect to the network by using Connection Manager, and you should configure NPS to place these clients in the quarantine network. They will then be able to join the VPN Clients network using RQS or RQC (the Remote Access Quarantine Service and Remote Access Quarantine Client).

What is Global Catalogue Server

A global catalogue is a domain controller that stores information about all the objects in the Active Directory forest. With the help of the global catalogue, we can search for objects across the whole forest on the global catalogue server without querying each domain controller separately every time. A global catalogue server stores full, writable replicas of the schema and configuration directory partitions and a full, writable replica of the domain directory partition for the domain that it hosts.
A global catalogue server also stores a partial, read-only replica of every other domain in the forest.
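To see the difference between a forest-wide global catalogue search and an ordinary domain search, the following added example (not from the original post) lists the global catalogue servers in the forest and then runs the same LDAP filter once against the global catalogue port (3268) and once against the standard LDAP port of the same server. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, that the account has read access to the forest, and that an empty SearchBase on the 3268 port searches every domain partition the global catalogue holds. The account name jsmith is a constructed sample value.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module and a domain-joined session with read access to the forest.
Import-Module ActiveDirectory

# Which domain controllers host a global catalogue (partial replica of every
# domain in the forest).
$forest = Get-ADForest
Write-Host "Global catalogue servers in forest $($forest.Name):"
$forest.GlobalCatalogs

# Pick one global catalogue server for the queries below.
$gc = $forest.GlobalCatalogs | Select-Object -First 1

# Constructed sample account name; replace with a real one in your forest.
$filter = "(&(objectClass=user)(sAMAccountName=jsmith))"

# Global catalogue query: port 3268 with an empty search base searches the
# partial, read-only replicas of all domains in one request, so an account
# from any domain in the forest is found.
Write-Host "`nForest-wide search via global catalogue ($gc`:3268):"
Get-ADObject -Server "$gc`:3268" -SearchBase "" -SearchScope Subtree `
    -LDAPFilter $filter -Properties distinguishedName, objectClass |
    Select-Object Name, distinguishedName

# Ordinary LDAP query (port 389) to the same server: only the full, writable
# replica of that server's own domain partition is searched, so an account
# that lives in another domain of the forest is not returned here.
Write-Host "`nSingle-domain search via LDAP ($gc`:389):"
Get-ADObject -Server $gc -LDAPFilter $filter -Properties distinguishedName |
    Select-Object Name, distinguishedName
```

Because the global catalogue holds only the partial attribute set for objects from other domains, a query over port 3268 may return an object from another domain but not all of its attributes; fetch those from a domain controller of the object's own domain.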


How Active Directory Replication Works

Active Directory uses the Knowledge Consistency Checker (KCC) for replication between domain controllers. The KCC creates a connection object that represents a replication connection from a source domain controller to a destination domain controller.

The KCC creates connection objects automatically. The connection objects created by the KCC are stored under Active Directory Sites and Services in the NTDS Settings of each server. The KCC creates replication routes by creating one-way inbound connection objects that define connections from other domain controllers.

The KCC is a built-in process that runs on all domain controllers and generates the replication topology for Active Directory. It generates different replication topologies for intrasite and intersite replication. Within a site, the connections between writable domain controllers are bidirectional, with shortcut connections to reduce latency. For intersite replication, a spanning tree topology is used. When you have more than one site, you need to configure site links between the sites, and the KCC in each site automatically creates the connection objects.
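The connection objects, site links and replication state described above can all be inspected from PowerShell, which is the quickest way to check that the KCC has built the topology you expect. The following is an added example, not code from the original post; it assumes the ActiveDirectory module (RSAT) is installed, that the session runs on or against a domain controller, and that the account can read the Configuration partition. Every cmdlet used here is part of the ActiveDirectory module on Windows Server 2012 and later.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module and read access to the Configuration partition.
Import-Module ActiveDirectory

# Connection objects live under each DC's NTDS Settings. AutoGenerated = True
# marks the ones the KCC created; False marks manually created ones, which
# the KCC will not remove and which are worth reviewing after site changes.
Write-Host "Connection objects (inbound, one per source DC):"
Get-ADReplicationConnection -Filter * |
    Select-Object Name, AutoGenerated,
                  ReplicateFromDirectoryServer, ReplicateToDirectoryServer |
    Format-Table -AutoSize

# Site links are the administrator-supplied input the KCC uses to build the
# intersite spanning tree; cost and frequency decide the routes it picks.
Write-Host "Site links:"
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Format-Table -AutoSize

# Inbound replication state for this DC: one entry per partition per partner.
# A non-zero LastReplicationResult or an old LastReplicationSuccess means the
# connection object exists but replication over it is not succeeding.
Write-Host "Inbound replication partners for $env:COMPUTERNAME:"
Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME |
    Select-Object Partition, Partner, LastReplicationSuccess, LastReplicationResult |
    Format-Table -AutoSize

# Any recorded replication failures on this DC.
Get-ADReplicationFailure -Target $env:COMPUTERNAME

# The same inbound view from the classic tool, and a way to ask the KCC to
# recompute the topology immediately instead of waiting for its next run.
repadmin /showrepl
repadmin /kcc
```

If a domain controller shows no inbound connection objects after a new site or site link has been added, run repadmin /kcc on it and re-check; the KCC otherwise recalculates the topology on its own schedule.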

