Configure a Network Policy Server and Infrastructure Flashcards
You need to ensure that client computers can only access two servers if they are not running anti-virus software. You deploy a new server. What should you configure to support computers connecting to the network using an 802.1x authenticating switch or LAN?
- Install the Network Policy Server Role as a RADIUS Server
- Add each 802.1x authenticating switch as a RADIUS client
What is a Network Policy?
Used to set conditions under which users are allowed or blocked from connecting to the network
What is a Connection Request Policy?
Sets of conditions and settings that allow network administrators to designate which RADIUS servers perform the authentication and authorization of connection requests. (Want this to be least restrictive)
What does the following PowerShell CmdLet Do?
Add-BgpCustomRoute
Adds custom routes to the BGP routing table.
What does the following PowerShell CmdLet Do?
Add-BgpPeer
Adds a new BGP peer.
What does the following PowerShell CmdLet Do?
Add-BgpRouteAggregate
Adds a new aggregate route for specific BGP routes.
What does the following PowerShell CmdLet Do?
Add-BgpRouter
Adds a BGP router for the specified Tenant ID.
What does the following PowerShell CmdLet Do?
Add-BgpRoutingPolicy
Adds a BGP routing policy to the policy store.
What does the following PowerShell CmdLet Do?
Add-BgpRoutingPolicyForPeer
Adds BGP routing policies to BGP peers.
What does the following PowerShell CmdLet Do?
Add-DAAppServer
Adds a new application server security group to the DirectAccess (DA) deployment, adds application servers to an application server security group that is already part of the DirectAccess deployment, and adds or updates application server Group Policy Object (GPO) in a domain.
What does the following PowerShell CmdLet Do?
Add-DAClient
Adds one or more client computer security groups (SGs) to the DirectAccess (DA) deployment, adds one or more DA client Group Policy Objects (GPOs) in one or more domains, adds one or more SGs of down-level clients to the DA deployment in a multi-site deployment, or adds one or more down-level DA client GPOs in one or more domains in a multi-site deployment.
What does the following PowerShell CmdLet Do?
Add-DAClientDnsConfiguration
Adds the specified DNS suffix, DNS server addresses, or proxy server set to the Name Resolution Policy Table (NRPT).
What does the following PowerShell CmdLet Do?
Add-DAEntryPoint
Adds an entry point to a multi-site deployment.
What does the following PowerShell CmdLet Do?
Add-DAMgmtServer
Adds the specified Management servers to the DirectAccess (DA) deployment.
What does the following PowerShell CmdLet Do?
Add-RemoteAccessIpFilter
Adds filters for traffic that passes through an interface.
What does the following PowerShell CmdLet Do?
Add-RemoteAccessLoadBalancerNode
Adds a server to the load balancing cluster.
What does the following PowerShell CmdLet Do?
Add-RemoteAccessRadius
Adds a new external RADIUS server for VPN authentication, accounting for DirectAccess (DA) and VPN, or one-time password (OTP) authentication for DA.
What does the following PowerShell CmdLet Do?
Add-VpnIPAddressRange
Adds a new IPv4 address range from which IPv4 addresses can be assigned to VPN clients.
What does the following PowerShell CmdLet Do?
Add-VpnS2SInterface
Create a S2S interface with the specified parameters.
What does the following PowerShell CmdLet Do?
Add-VpnSstpProxyRule
Adds a tenant ID to gateway mapping.
What does the following PowerShell CmdLet Do?
Clear-BgpRouteFlapDampening
Clears the route flap dampening information for the specified set of BGP routes.
What does the following PowerShell CmdLet Do?
Clear-RemoteAccessInboxAccountingStore
Clears the inbox accounting store for the specified time period.
What does the following PowerShell CmdLet Do?
Clear-VpnS2SInterfaceStatistics
Clears statistics for a site-to-site (S2S) interface.
What does the following PowerShell CmdLet Do?
Connect-VpnS2SInterface
Connects a site-to-site (S2S) interface that is currently not connected.
What does the following PowerShell CmdLet Do?
Disable-BgpRouteFlapDampening
Disables route dampening for the flapping BGP routes.
What does the following PowerShell CmdLet Do?
Disable-DAMultiSite
Disables a multi-site deployment that contains a single entry point.
What does the following PowerShell CmdLet Do?
Disable-DAOtpAuthentication
Disables one-time password (OTP) authentication for DirectAccess (DA) users.
What does the following PowerShell CmdLet Do?
Disable-RemoteAccessRoutingDomain
Disables remote access functions for a routing domain.
What does the following PowerShell CmdLet Do?
Disconnect-VpnS2SInterface
Disconnect a site-to-site (S2S) interface that is currently connected.
What does the following PowerShell CmdLet Do?
Disconnect-VpnUser
Disconnects a VPN connection originated by a specific user or originating from a specific client computer.
What does the following PowerShell CmdLet Do?
Enable-BgpRouteFlapDampening
Enables route dampening for the flapping BGP routes.
What does the following PowerShell CmdLet Do?
Enable-DAMultiSite
Enables and configures a multi-site deployment, and adds the first entry point.
What does the following PowerShell CmdLet Do?
Enable-DAOtpAuthentication
Enables and configures one-time password (OTP) authentication for DirectAccess (DA) users.
What does the following PowerShell CmdLet Do?
Enable-RemoteAccessRoutingDomain
Enables VPN or S2S functions for a specified routing domain.
What does the following PowerShell CmdLet Do?
Get-BgpCustomRoute
Gets custom route information from the BGP router.
What does the following PowerShell CmdLet Do?
Get-BgpPeer
Gets configuration information for BGP peers.
What does the following PowerShell CmdLet Do?
Get-BgpRouteAggregate
Gets all the aggregate BGP routes configured by the administrator.
What does the following PowerShell CmdLet Do?
Get-BgpRouteFlapDampening
Retrieves the configuration of a BGP route dampening engine.
What does the following PowerShell CmdLet Do?
Get-BgpRouteInformation
Retrieves BGP route information for one or more network prefixes from the BGP routing table.
What does the following PowerShell CmdLet Do?
Get-BgpRouter
Gets configuration information for BGP routers.
What does the following PowerShell CmdLet Do?
Get-BgpRoutingPolicy
Gets configuration information of BGP routing policies.
What does the following PowerShell CmdLet Do?
Get-BgpStatistics
Retrieves BGP peering-related message and route advertisement statistics.
What does the following PowerShell CmdLet Do?
Get-DAAppServer
Displays the list of application server security groups that are part of the DirectAccess (DA) deployment and the properties of the connections made to the application servers in the groups.
What does the following PowerShell CmdLet Do?
Get-DAClient
Displays the list of client security groups that are part of the DirectAccess (DA) deployment and the client properties.
What does the following PowerShell CmdLet Do?
Get-DAClientDnsConfiguration
Displays all the Name Resolution Policy Table (NRPT) entries and the local name resolution property.
What does the following PowerShell CmdLet Do?
Get-DAEntryPoint
Displays the settings for an entry point.
What does the following PowerShell CmdLet Do?
Get-DAEntryPointDC
Retrieves a list of entry points and the associated domain controllers (DCs).
What does the following PowerShell CmdLet Do?
Get-DAMgmtServer
Displays the configured management servers.
What does the following PowerShell CmdLet Do?
Get-DAMultiSite
Retrieves global settings applied to all entry points in a multi-site deployment.
What does the following PowerShell CmdLet Do?
Get-DANetworkLocationServer
Displays the detailed Network Location Server (NLS) configuration.
What does the following PowerShell CmdLet Do?
Get-DAOtpAuthentication
Displays one-time password (OTP) authentication settings for DirectAccess (DA).
What does the following PowerShell CmdLet Do?
Get-DAServer
Displays the properties of the DirectAccess (DA) server.
What does the following PowerShell CmdLet Do?
Get-RemoteAccess
Displays the configuration of DirectAccess (DA) and VPN (both Remote Access VPN and site-to-site VPN).
What does the following PowerShell CmdLet Do?
Get-RemoteAccessAccounting
Displays the accounting configuration for Remote Access, such as the different types of accounting that are enabled and the respective configuration.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessConfiguration
Retrieves the remote access configuration.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessConnectionStatistics
Displays the statistics of real-time, currently active DirectAccess (DA) and VPN connections and the statistics of DA and VPN historical connections for a specified time duration.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessConnectionStatisticsSummary
Displays the summary statistics of real-time, currently active DirectAccess (DA) and VPN connections and the summary statistics of DA and VPN historical connections for a specified time duration.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessHealth
Obtains the current health of a RemoteAccess (RA) deployment.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessIpFilter
Retrieves IP filters on an interface.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessLoadBalancer
Displays load balanced cluster settings.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessRadius
Displays the list of RADIUS servers including RADIUS for VPN authentication, RADIUS for DirectAccess (DA) and VPN Accounting, and RADIUS for one-time password (OTP) authentication for DA.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessRoutingDomain
Retrieves configuration information for a routing domain.
What does the following PowerShell CmdLet Do?
Get-RemoteAccessUserActivity
Displays the resources accessed over the active DirectAccess (DA) and VPN connections and the resources accessed over historical DA and VPN connections.
What does the following PowerShell CmdLet Do?
Get-RoutingProtocolPreference
Displays preferences for routing protocols.
What does the following PowerShell CmdLet Do?
Get-VpnAuthProtocol
Retrieves authentication parameters configured on a VPN server.
What does the following PowerShell CmdLet Do?
Get-VpnS2SInterface
Retrieves configuration details for a site-to-site (S2S) interface.
What does the following PowerShell CmdLet Do?
Get-VpnS2SInterfaceStatistics
Retrieves statistics of a site-to-site (S2S) interface.
What does the following PowerShell CmdLet Do?
Get-VpnServerConfiguration
Gets VPN server properties.
What does the following PowerShell CmdLet Do?
Get-VpnSstpProxyRule
Retrieves the Tenant ID to gateway mapping.
What does the following PowerShell CmdLet Do?
Install-RemoteAccess
Performs prerequisite checks for DirectAccess (DA) to ensure that it can be installed, installs DA for remote access (RA) (includes management of remote clients) or for management of remote clients only, installs VPN (both Remote Access VPN and site-to-site VPN), and installs Border Gateway Protocol Routing.
What does the following PowerShell CmdLet Do?
New-VpnSstpProxyRule
Creates a tenant ID to gateway mapping object.
What does the following PowerShell CmdLet Do?
New-VpnTrafficSelector
Creates a VPN Traffic selector object that configures the IKE traffic selector.
What does the following PowerShell CmdLet Do?
Remove-BgpCustomRoute
Removes custom routes from the BGP router.
What does the following PowerShell CmdLet Do?
Remove-BgpPeer
Removes BGP peers from a router.
What does the following PowerShell CmdLet Do?
Remove-BgpRouteAggregate
Removes the set of specified aggregate BGP routes.
What does the following PowerShell CmdLet Do?
Remove-BgpRouter
Removes a BGP router.
What does the following PowerShell CmdLet Do?
Remove-BgpRoutingPolicy
Removes routing policies from the policy store.
What does the following PowerShell CmdLet Do?
Remove-BgpRoutingPolicyForPeer
Removes routing policies from BGP peers.
What does the following PowerShell CmdLet Do?
Remove-DAAppServer
Removes the specified list of application server security groups (SGs) from the DirectAccess (DA) deployment, removes the specified application servers from the specified DA application server SG, and removes the application server Group Policy Objects (GPOs) in the specified domains.
What does the following PowerShell CmdLet Do?
Remove-DAClient
Removes one or more client computer security groups (SGs) from the DirectAccess (DA) deployment, removes one or more DA client Group Policy Objects (GPOs) from domains, removes one or more SGs of down-level clients (down-level clients can connect only to the specified site) from the DA deployment in a multi-site deployment, and removes one or more down-level DA client GPOs from domains in a multi-site deployment.
What does the following PowerShell CmdLet Do?
Remove-DAClientDnsConfiguration
Removes the Name Resolution Policy Table (NRPT) entry corresponding to the specified DNS suffix from the NRPT.
What does the following PowerShell CmdLet Do?
Remove-DAEntryPoint
Removes an entry point from a multi-site deployment.
What does the following PowerShell CmdLet Do?
Remove-DAMgmtServer
Removes the specified management servers from the DirectAccess (DA) deployment.
What does the following PowerShell CmdLet Do?
Remove-RemoteAccessIpFilter
Removes an IP filter for an interface.
What does the following PowerShell CmdLet Do?
Remove-RemoteAccessLoadBalancerNode
Removes a server from the network load balancing (NLB) cluster.
What does the following PowerShell CmdLet Do?
Remove-RemoteAccessRadius
Removes an external RADIUS server from being used for VPN authentication, accounting for both DirectAccess (DA) and VPN, or one-time password (OTP) authentication for DA.
What does the following PowerShell CmdLet Do?
Remove-VpnIPAddressRange
Removes an existing IPv4 address range from the pool for IP address assignment.
What does the following PowerShell CmdLet Do?
Remove-VpnS2SInterface
Removes a specified site-to-site (S2S) interface.
What does the following PowerShell CmdLet Do?
Remove-VpnSstpProxyRule
Removes one or more tenant IDs to gateway mappings for SSTP proxy.
What does the following PowerShell CmdLet Do?
Set-BgpPeer
Updates the configuration of the specified BGP peer.
What does the following PowerShell CmdLet Do?
Set-BgpRouteAggregate
Updates the properties of specified aggregate BGP route.
What does the following PowerShell CmdLet Do?
Set-BgpRouteFlapDampening
Configures the BGP route dampening engine.
What does the following PowerShell CmdLet Do?
Set-BgpRouter
Updates the configuration of the local BGP router for the specified tenant ID.
What does the following PowerShell CmdLet Do?
Set-BgpRoutingPolicy
Modifies a routing policy configuration.
What does the following PowerShell CmdLet Do?
Set-BgpRoutingPolicyForPeer
Modifies BGP routing policies for BGP peers.
What does the following PowerShell CmdLet Do?
Set-DAAppServerConnection
Configures the properties of the connection to application servers and the IPsec security traffic protection policies for the connection.
What does the following PowerShell CmdLet Do?
Set-DAClient
Configures the properties related to a DirectAccess (DA) client.
What does the following PowerShell CmdLet Do?
Set-DAClientDnsConfiguration
Configures the DNS server and proxy server addresses of a Name Resolution Policy Table (NRPT) entry and configures the local name resolution property.
What does the following PowerShell CmdLet Do?
Set-DAEntryPoint
Configures settings for the entry point.
What does the following PowerShell CmdLet Do?
Set-DAEntryPointDC
Modifies domain controller (DC) settings for the entry point.
What does the following PowerShell CmdLet Do?
Set-DAMultiSite
Configures global settings for all entry points in a multi-site deployment.
What does the following PowerShell CmdLet Do?
Set-DANetworkLocationServer
Configures the Network Location Server (NLS).
What does the following PowerShell CmdLet Do?
Set-DAOtpAuthentication
Configures one-time password (OTP) authentication settings for DirectAccess (DA).
What does the following PowerShell CmdLet Do?
Set-DAServer
Sets the properties specific to the DirectAccess (DA) server.
What does the following PowerShell CmdLet Do?
Set-RemoteAccess
Modifies the configuration that is common to both DirectAccess (DA) and VPN such as SSL certificate, Internal interface, and Internet interface.
What does the following PowerShell CmdLet Do?
Set-RemoteAccessAccounting
Sets the enabled state for inbox and RADIUS accounting for both external RADIUS and Windows accounting and configures the settings when enabled.
What does the following PowerShell CmdLet Do?
Set-RemoteAccessConfiguration
Modifies the configuration of a remote access role.
What does the following PowerShell CmdLet Do?
Set-RemoteAccessInboxAccountingStore
Modifies the size of the inbox accounting store.
What does the following PowerShell CmdLet Do?
Set-RemoteAccessIpFilter
Modifies IP filter action.
What does the following PowerShell CmdLet Do?
Set-RemoteAccessLoadBalancer
Configures load balancing on the Remote Access (RA) server or the cluster server.
What does the following PowerShell CmdLet Do?
Set-RemoteAccessRadius
Edits the properties associated with an external RADIUS server being used for VPN authentication, accounting for DirectAccess (DA) and VPN, and one-time password (OTP) authentication for DA.
What does the following PowerShell CmdLet Do?
Set-RemoteAccessRoutingDomain
Configures S2S VPN settings for a routing domain configuration.
What does the following PowerShell CmdLet Do?
Set-RoutingProtocolPreference
Configures preferences for routing protocols.
What does the following PowerShell CmdLet Do?
Set-VpnAuthProtocol
Configures the authentication method for incoming site-to-site (S2S) VPN interfaces on a Routing and Remote Access (RRAS) server.
What does the following PowerShell CmdLet Do?
Set-VpnAuthType
Sets the authentication type to be used for connecting to a VPN.
What does the following PowerShell CmdLet Do?
Set-VpnIPAddressAssignment
Configures the IPv4 address assignment method or the IPv6 prefix for IPv6 address assignment.
What does the following PowerShell CmdLet Do?
Set-VpnS2SInterface
Updates parameters for an S2S Interface.
What does the following PowerShell CmdLet Do?
Set-VpnServerConfiguration
Updates S2S server parameters.
What does the following PowerShell CmdLet Do?
Set-VpnSstpProxyRule
This cmdlet updates the tenant ID to gateway mapping for SSTP Proxy.
What does the following PowerShell CmdLet Do?
Start-BgpPeer
Starts routing sessions for BGP peers.
What does the following PowerShell CmdLet Do?
Stop-BgpPeer
Stops routing sessions for BGP peers.
What does the following PowerShell CmdLet Do?
Uninstall-RemoteAccess
Uninstalls DirectAccess (DA) and VPN, both Remote Access (RA) VPN and site-to-site VPN.
What does the following PowerShell CmdLet Do?
Update-DAMgmtServer
Updates the list of Management servers of the DirectAccess (DA) deployment.
What does a Remote Access Policy do?
Define how connections from remote users are either authorized or rejected
RADIUS - Stands for?
Remote Authentication Dial-In User Service
What is Microsoft’s version of RADIUS?
NPS - Network Policy Server
What is RADIUS Proxy (NPS) used for?
It is used for authenticated users for Remote Access
What configurations do you need to make to the NPS Server?
- Register the server in Active Directory
- Create a RADIUS Client (the VPN Server) - only needed for multi-servers
How do you set up a RADIUS Client in NPS?
- Select Enable this RADIUS Client - if enabled
- Enter the Name and Address
- Friendly Name
- IP Address or DNS Name
- Select a Shared Secret Template or Create a Shared Secret
How are Connection Request Policies processed?
They are processed based on Processing Order. The lowest number gets applied first
What network policies are created by default?
Both Disallow Access to Remote Access
- Connections to the Server
- Connections to other access servers
Where on the NPS Network Policies can you configure Multilink and Bandwidth Allocation?
On the Settings Tab:
Select Routing and Remote Access - Multilink and Bandwidth Allocation Protocol
What settings can you modify in the NPS Network Policy - Multilink and Bandwidth Allocation Protocol - Multilink?
Specifying how you would like to handle multiple connections to the network:
- Server Settings determine Multilink usage
- Do not allow multilink connections
- Specify Max number of ports allowed
What settings can you modify in the NPS Network Policy - Multilink and Bandwidth Allocation Protocol - Bandwidth Allocation Protocol?
If the lines of a Multilink connection fall below the following percentage of capacity for a period of time, reduce the connection by one line:
- Percentage of Capacity
- Period of Time
What settings can you modify on the NPS Network Policy, Settings tab, under encryption?
The strength of Encryption (starting with the strongest until the computer accepts one):
- Basic Encryption
- Strong Encryption
- Strongest Encryption
- No encryption
What settings can you modify on the NPS Network Policy, Settings tab, under IP Settings?
This is to specify how the client IP address gets assigned:
- Server must supply an IP Address
- Client may request an IP Address
- Server Settings determine IP Address assignment
- Assign a static IPv4 address
What settings can you modify on the NPS Network Policy, Settings tab, under IP Filters?
How do you configure NPS Accounting?
Select how you want to log:
- Log to a SQL DB
- Log to a Text file
- Log to a Text file and SQL DB
- Log to a SQL DB and use text logging for fail over
Select information that will be logged:
- Accounting Requests
- Authentication Requests
- Periodic Accounting Status
- Periodic Authentication Status
If log file: Where log is stored.
Logging Failure Action: Discard connection requests - Yes/No
When Importing NPS Policies, what do you need to configure still?
You need to set up logging if you are using SQL.
What does the following PowerShell cmdlet do?
Export-NpsConfiguration
Exports settings from the NPS Server to a file
What does the following PowerShell cmdlet do?
Import-NpsConfiguration
This command imports NPS settings from a file
What are the different ways that the NAP process can be started?
- DHCP
- 802.1x
- VPN
- IPSec
- Remote Desktop Services
When specifying a new Network Policy with a health policy for failing a Health Check, do you want to deny the computer access to the network?
And Why?
No, you want to allow.
This is so you can set up a remediation Server so that the computer can be compliant.
Where would you set up to have a computer enter the remediation network?
- In the Network Policy
- In the Settings tab
- Under NAP Enforcement
- Select Allow Limited Access
What do you need to set up in DHCP for NAP?
- In the DHCP Scope
- Select Policies
- Create a new policy
- Policy will be for User Class
- Value is default network access protection class
- Select if it can find any DNS resource records
- Select the DNS Domain Name (Add the restricted remediation network name)
- In the DHCP Scope Properties
- You need to select the Network Access Protection Tab
- Select Enable for this scope
- Enter the Policy Name
What clients are able to use DirectAccess to connect to the closest physical access point?
Only Windows 8 or 8.1
What are the following CMDs?
- djoin /provision
- djoin /RequestODJ
- creates the computer account metadata. The output of this command is a .txt file that includes a base-64 encoded blob.
- inserts the computer account metadata from the .txt file into the Windows directory of the destination computer.