Lesson 2: Configuring Network Access Protection
401
6. On the Configure User Groups And Machines page, you can accept the default settings to allow all users to connect. To grant or deny access to a group, click the Add Machine button. Then, select the group and click OK. Click Next. 7. The pages that follow vary depending on your NAP enforcement method. For example, for the 802.1X or VPN enforcement methods, you use the Configure An Authentication Method page (shown in Figure 8-4) to specify the NAP health policy server certificate and the EAP types to use for user or computer-level authentication. For the 802.1X enforcement method, you use the Configure Virtual LANs (VLANs) page to configure the unlimited VLAN and the restricted network VLAN.
Figure 8-4
Configuring an 802.1X enforcement authentication method
8. On the Define NAP Health Policy page, you can select from the installed SHVs. By default, only the Windows Security Health Validator is installed. As shown in Figure 85, you should leave autoremediation enabled to allow client computers to automatically change settings to meet health requirements. During initial production deployments, select Allow Full Network Access To NAP-Ineligible Client Computers to configure NAP in monitoring-only mode. Noncompliant computers will generate an event in the event log, allowing you to fix noncompliant computers before they are prevented from connecting to the network. Click Next.