Open the specific steps of win2008 network access protection

  

In the LAN, if there is a computer with a virus, then other computers in the LAN are likely to be implicated. Under Windows2008 system, we can turn on the network access protection function, prohibit Unsafe computers are free to intervene in the LAN so that other computers in the LAN can be protected.

To open the windows2008 network access protection steps:

1. Install the network access protection function; open the Win2008 system's "Start" menu, select "> Programs" from the list. "Administrative Tools"//"The Server Manager" command, click on the "Role" node option from the left side of the Server Manager window that appears, and click on the display area to the right of the corresponding node. ; add role & rdquo; function, open the role to add wizard window, follow the prompts to select the "network policy and access service" project, then click the "install" button, and then follow the wizard default settings to complete the network access protection installation task ;

2, create a health and safety standard; in this operation, we can first click the "Server Manager" button in the system tray, from the left side of the server manager window popped up Select one point at a time, "role", "network policy and access service", ""NPS”,“network access protection&rdqu o;, & ldquo; System Health Validator & rdquo; node options, then click the “ Properties & rdquo; button in the right area of ​​the target option, open the security and health verification dialog box, click the "Configure" button, select the regular & rdquo; anti-virus application is enabled & rdquo;, "already have been enabled for all network connections firewall", "anti-virus programs are the latest", and several other health and safety standards, any computer that needs to connect to the local area network must At the same time meet the above health standards, Win2008 system will consider it a healthy and secure computer;

3, create a security verification strategy; when creating a healthy security verification strategy, we can first locate the mouse on the server In the left area of ​​the manager window, click the “Network Policy Server” node option, and then expand the “Policy” policy from the bottom of the target node. Click on the target branch and click “New”. ; button, from the pop-up security verification policy dialog box, set the new "policy name" to "difference" "Computer", set the "Client SHV ​​Check" parameter to "The client has passed all SHV checks", and the "SHV" parameter used in this health policy is selected as "Windows Security Health Validator" & rdquo; Finally, click the "OK" button to end the healthy security verification policy creation operation; follow the same steps, we can also create an unhealthy security verification strategy, but when creating this strategy, we must The client SHV ​​check & rdquo; parameter selection is "the client failed to pass one or more SHV checks", the rest of the parameters are the same as above;

4, create a new network connection strategy ; Position the mouse first on the "Network Policy and Access Service" node on the left side of the Server Manager window, and from the node, click "“NPS", "Strategy>;>;Network Policy” ;Options, click the “New” button from the target option, and a Create Network Connection Policy Wizard window will appear on the system screen. Here, set the “policy name” parameter to “Healthy Connection”, select the “Network Access Server Type” option as “DHCP Server”, and click “Add” from the back interface. ; button, at the same time, "select the condition", select the previously created "health computer" strategy, and then select one by one according to the wizard's default prompts "already granted access", "and only perform computer health check" ; Set the option, and finally set the "Policy Settings" parameter to "NAP to allow full network access", and click the "Complete" button to end the network connection policy creation work. Then follow the same steps, we create a "unhealthy connection" network strategy, just in doing this, we must select the "select condition" parameter as "unhealthy computer" strategy, and will “Policy settings” parameter is set to “reject access”options, the rest of the parameters are exactly the same as above;

5, set the DHCP service function; considering that the ordinary computer needs to contact when accessing the network The DHCP server in the LAN, so we must also set the appropriate DHCP service parameters to ensure that all computer's Internet connection request is forwarded to the Win2008 system's network access protection function through the DHCP function. Click the “Start”/“Program”/“Administrative Tools”/“Server Manager”/“DHCP” option in the server system desktop to enter the DHCP server console interface and open the target. For the scope's property interface, click the “Network Access Protection” tab in the interface, select the “Enable this Scope” option in the corresponding option settings page, and select “Use default network access protection configuration”. File & rdquo;, and finally click the & ldquo; button to perform the settings save operation.

After the above five steps, users can easily open the network access function under Windows 2008 system. As long as there is a threat computer to connect to the network, it will be controlled by win2008 network access protection. In order to avoid transmitting the virus to other computers, the network security in the LAN is guaranteed.

Copyright © Windows knowledge All Rights Reserved