NPS Fast Facts

Article
07/02/2012

Applies To: Windows Server 2008

In Windows Server® 2008, Network Policy Server (NPS) replaces Internet Authentication Service (IAS).

NPS is:

The Microsoft implementation of the Remote Authentication Dial-In User Service (RADIUS) protocol.
Configurable as a RADIUS server.
Configurable as a RADIUS proxy that forwards connection requests to other RADIUS servers for processing.
A required component of Network Access Protection (NAP). When you deploy NAP, NPS functions as a NAP health policy server.
Configurable to perform all three functions (RADIUS server, RADIUS proxy, NAP health policy server) at the same time.
Compatible with user account databases in Active Directory Domain Services (AD DS).

Windows Server 2008 editions and NPS

NPS provides different functionality depending on the edition of Windows Server 2008 that you install:

Windows Server 2008 Enterprise and Windows Server 2008 Datacenter. These server editions include NPS. With NPS in Windows Server 2008 Enterprise and Windows Server 2008 Datacenter, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure a group of RADIUS clients by specifying an IP address range.
Windows Server 2008 Standard. This server edition includes NPS. With NPS in Windows Server 2008 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of two remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the NPS server uses the first IP address returned in the Domain Name System (DNS) query.
Windows Web Server 2008. This server edition does not include NPS.

For more information, see Windows Server 2008 Overview of Editions at https://go.microsoft.com/fwlink/?LinkId=111845.

Upgrade from Windows Server 2003

You can upgrade a server running Windows Server 2003 and IAS to Windows Server 2008 and NPS. During the upgrade process, the server configuration is preserved, including the RADIUS client, connection request policy, accounting, and remote access policy configurations. In NPS, however, remote access policies are renamed to network policies.

In addition, you can export the configuration of an IAS server in Windows Server 2003, and then import the configuration to an NPS server in Windows Server 2008 by following the instructions in the following article:

NPS servers in Windows Server 2008 systems cannot import configuration settings that were exported from IAS servers in Windows Server 2003 systems

NPS as a role service

NPS is a role service of the Network Policy and Access Services (NPAS) server role. Other role services of NPAS are the Routing and Remote Access service, Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP). For information about how to install NPS, see the NPS Operations Guide.

NPS server administration

After you install NPS, you can administer NPS servers:

Locally, by using the NPS Microsoft Management Console (MMC) snap-in, the static NPS console in Administrative Tools, or the network shell (Netsh) commands for NPS.
From a remote NPS server, by using the NPS MMC snap-in, the Netsh commands for NPS, or Remote Desktop Connection.
From a remote workstation, by using Remote Desktop Connection.

Note

You cannot use the Windows Server Administration Tools Pack to remotely administer an NPS server from a workstation.

SQL Server compatibility

You can configure NPS RADIUS accounting to record accounting information to a stored procedure in a Microsoft SQL Server 2000, SQL Server 2005, or SQL Server 2008 database.