Installing, Configuring, and Troubleshooting the NPS Role / Implementing NAP Flashcards
Topics: Installing and Configuring a NPS; Configuring RADIUS Clients and Servers; NPS Authentication Methods; Monitoring and Troubleshooting a NPS; NAP; Configuring NAP; Configuring IPSec Enforcement for NAP; Monitoring and Troubleshooting NAP
- What is a RADIUS Client?
- What is a RADIUS Server?
- VPN Server
- RADIUS Authentication Server
What does the PowerShell CmdLet Do?
Export-NpsConfiguration
Exports NPS settings.
What does the PowerShell CmdLet Do?
Get-NpsRadiusClient
Gets RADIUS clients.
What does the PowerShell CmdLet Do?
Get-NpsRemediationServer
Retrieves a list of remediation servers from a remediation server group.
What does the PowerShell CmdLet Do?
Get-NpsRemediationServerGroup
Retrieves all remediation server groups from a Network Policy Server.
What does the PowerShell CmdLet Do?
Get-NpsSharedSecretTemplate
Returns a list of available shared secret templates.
What does the PowerShell CmdLet Do?
Import-NpsConfiguration
Imports NPS settings.
What does the PowerShell CmdLet Do?
New-NpsRadiusClient
Creates a RADIUS client.
What does the PowerShell CmdLet Do?
New-NpsRemediationServer
Creates a remediation server.
What does the PowerShell CmdLet Do?
New-NpsRemediationServerGroup
Creates a remediation server group.
What does the PowerShell CmdLet Do?
Remove-NpsRadiusClient
Removes a RADIUS client.
What does the PowerShell CmdLet Do?
Remove-NpsRemediationServer
Removes a remediation server from a remediation server group.
What does the PowerShell CmdLet Do?
Remove-NpsRemediationServerGroup
Removes a remediation server group from an NPS.
What does the PowerShell CmdLet Do?
Set-NpsRadiusClient
Specifies configuration settings for a RADIUS client.
What is a RADIUS Server (NPS) ?
A central connection point for authentication, authorization, and accounting for wireless authentication, switch, dial-up, and VPN connections
What is a RADIUS Proxy?
A server that is configured with connection request policies that indicate which connection requests the NPS server will forward and where it will forward them.
It can also be used to provide authentication and authorization for non-AD members or by using a non-Windows database.
What is a NAP Policy Server?
A NAP policy server evaluates the statements of health sent by NAP-capable client computers attempting to connect to the network.
What does the following cmd do?
NETSH
Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a currently running computer.
What does RADIUS stand for?
Remote Authentication Dial-In User Service protocol
What does the NPS (Network Policy Server) provide?
It provides the following:
- RADIUS Server
- RADIUS Proxy
- NAP (Network Access Protection)
Please describe the following NPS Functions:
- RADIUS Server
- RADIUS Proxy
- NAP Policy Server
- RADIUS Server
- NPS performs centralized connection authentication, authorization, and accounting for wireless, switch, and dial-up/VPN connections
- RADIUS Proxy
- You configure connection request policies that indicate which connection requests the NPS server will forward to other RADIUS servers and to which RADIUS server you want to forward connection requests
- NAP Policy Server
- NPS evaluates statements of health sent by NAP-capable client computers that attempt to connect to the network
What is local vs RADIUS authentication?
- Local authentication takes place against the local security account DB or AD DS
- RADIUS authentication forwards the connection request to a RADIUS server for authentication
What ports are used for authentication and accounting for RADIUS?
What about legacy RADIUS?
- 1812 for authentication and 1813 for accounting
- 1645 for authentication and 1646 for accounting
What are the requirements for certificate-based authentication in NPS?
- CA certificate
- Client computer certificate
- Server certificate
- User certificate
NPS Authentication
Is a CA certificate required for EAP-TLS/PEAP-TLS?
Is a CA certificate required for PEAP-MS-CHAPv2?
- Yes. The CA certificate is enrolled automatically for domain member computers. For nondomain member computers, you must import the certificate manually into the certificate store.
NPS Authentication
Is a Client computer certificate required for EAP-TLS/PEAP-TLS?
Is a Client computer certificate required for PEAP-MS-CHAPv2?
- Yes. Client computer certificates are required unless user certificates are distributed on smart cards. Client certificates are enrolled automatically for domain member computers. For nondomain member computers, you must import the certificate manually or obtain it with the Web enrollment tool.
- No, user authentication is performed with password-based credentials, not certificates.
NPS Authentication
Is a Server Certificate required for the NPS Server for EAP-TLS/PEAP-TLS?
Is a Server Certificate required for the NPS Server for PEAP-MS-CHAPv2?
Why?
- Yes
Why: The NPS server sends the server certificate to the client computer. The client computer uses the certificate to authenticate the NPS server.
NPS Authentication
Is a User Certificate required for EAP-TLS/PEAP-TLS?
Is a User Certificate required for PEAP-MS-CHAPv2?
- Yes
- No
What are the different types of accounting or logging in NPS?
- Event logging
- Logging user authentication and accounting requests
How would you configure an NPS server? No roles have been installed.
- Install the Network Policy and Access Services role from Server Manager or PowerShell
- Register the NPS Server with AD
- Open the Network Policy Server
- Right-click NPS (Local) and select Register Server in Active Directory