Windows 2008 Network Access Protection Application

  
                  

If one computer on a LAN is infected with a virus, there is a danger that the infection will spread to every computer on the LAN. To control the access security of ordinary computers on the LAN, we can use the Network Access Protection (NAP) function unique to the Win2008 system to stop computers that pose a security threat from freely accessing the LAN. The specific implementation steps are as follows:

First, install the network access protection function. Open the Win2008 system's "Start" menu and select the "Programs" / "Administrative Tools" / "Server Manager" command. In the Server Manager window that appears, click the "Roles" node on the left side, then click "Add Roles" in the right display area of that node to open the Add Roles wizard. Select the "Network Policy and Access Services" item as prompted and click the "Install" button. Then follow the wizard's default settings to complete the installation of the network access protection function.

Second, create the health security standard. Click the "Server Manager" button in the system taskbar. In the left area of the Server Manager window that appears, expand the "Roles", "Network Policy and Access Services", "NPS", "Network Access Protection" and "System Health Validators" nodes one by one. Click the "Properties" button in the right area of the target option to open the security health validation dialog box, click the "Configuration" button, and select the general health security standards such as "antivirus application is enabled", "firewall is enabled for all network connections" and "antivirus program is up to date". From then on, any computer that needs to connect to the local area network must meet all of these health standards at the same time before the Win2008 system considers it a healthy and secure computer.

Then create the security verification policies. In the left area of the Server Manager window, select the "Network Policy Server" node, then expand the "Policy" and "Health Policy" branches under it one by one. Click the "New" button under the target branch to open the security verification policy dialog box. Set the new policy name to "Healthy Computer", set the client SHV check parameter to "The client has passed all SHV checks", set the "SHV used in this health policy" parameter to "Windows Security Health Validator", and click the "OK" button to finish creating the healthy security verification policy. Following the same steps, create an unhealthy security verification policy as well; for this policy, the client SHV check parameter must be set to "The client failed to pass one or more SHV checks", and the rest of the parameters are the same as above.

Next, create the network connection policies. In the left area of the Server Manager window, go to the "Network Policy and Access Services" node, then click the "NPS", "Policy" and "Network Policy" options under it in turn. Click the "New" button under the target option, and the Network Connection Policy Wizard window shown in Figure 2 appears. Set the "Policy Name" parameter to "Healthy Connection" and the "Network Access Server Type" item to "DHCP Server". On the following page, click the "Add" button and choose the previously created "Healthy Computer" policy as the "Selection Condition". Then, following the wizard's default prompts, select the "Approved Access Permissions" and "Perform Computer Health Check Only" options. Finally, set the "Policy Settings" parameter to NAP enforcement with full network access and click the "Finish" button to complete the network connection policy. Following the same steps, create an "Unhealthy Connection" network policy; for this policy, the "Selection Condition" parameter must be set to the "Unhealthy Computer" policy and the "Policy Settings" parameter to the "Access Denied" option, and the rest of the parameters are exactly the same as above.

Finally, configure the DHCP service. Because an ordinary computer has to contact the DHCP server on the LAN when it accesses the network, we must also set the appropriate DHCP service parameters so that every computer's network connection request is forwarded through DHCP to the Win2008 system's network access protection function. On the server desktop, click Start / Programs / Administrative Tools / Server Manager / DHCP to enter the DHCP server console, and open the properties of the target scope. On the "Network Access Protection" tab, select the "Enable this scope" option, select "Use default network access protection configuration file", and click the "OK" button to save the settings.

After completing the settings above, we only need to set each ordinary computer that connects to the LAN to "automatically obtain the IP address"; its network connection is then controlled by the Win2008 system's network access protection function. As a result, network viruses or Trojans can no longer spread to other ordinary computers through the LAN, and the operational security of the entire LAN can be effectively guaranteed.
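The decision flow that the steps above configure, modeled in Python as an added example (not code from the original page and not NPS's own implementation): three SHV checks feed the "Healthy Computer" / "Unhealthy Computer" health policies, which select the "Healthy Connection" or "Unhealthy Connection" network policy. The field names, the sample clients and the default denial for a request with no statement of health are assumptions of this model.

```python
# Model of the NAP decision flow configured above (illustrative, not NPS code).
# Field names, sample clients and the no-match default are assumptions.

# The three health standards selected in the System Health Validator step.
SHV_CHECKS = ("antivirus_enabled", "firewall_enabled", "antivirus_up_to_date")


def failed_checks(soh):
    """List the SHV checks a statement of health (dict) does not satisfy.
    A missing field counts as a failure."""
    return [c for c in SHV_CHECKS if soh.get(c) is not True]


def health_policy(soh):
    """Name of the matching health policy, or None without a statement of health."""
    if soh is None:  # assumption: the client sent no statement of health
        return None
    return "Unhealthy Computer" if failed_checks(soh) else "Healthy Computer"


# Network policies in processing order: (name, health policy condition, setting).
NETWORK_POLICIES = [
    ("Healthy Connection", "Healthy Computer", "full network access"),
    ("Unhealthy Connection", "Unhealthy Computer", "access denied"),
]


def evaluate(soh):
    """Return (network policy, access setting, failed checks) for one request."""
    matched = health_policy(soh)
    failures = failed_checks(soh or {})
    for name, condition, setting in NETWORK_POLICIES:
        if condition == matched:
            return name, setting, failures
    return None, "access denied", failures  # assumption: no policy matched


# Constructed sample requests, not captured from a real network.
CLIENTS = {
    "pc-01": {"antivirus_enabled": True, "firewall_enabled": True,
              "antivirus_up_to_date": True},
    "pc-02": {"antivirus_enabled": True, "firewall_enabled": False,
              "antivirus_up_to_date": True},
    "pc-03": {"antivirus_enabled": True, "firewall_enabled": True},
    "pc-04": None,
}

if __name__ == "__main__":
    for host, soh in CLIENTS.items():
        print(host, evaluate(soh))
```

The list of failed checks returned for each client is the part worth logging: it tells the help desk which health standard to fix before the machine is granted access.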
