Configure NAP Client Security Groups

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

You can use security groups to deploy NAP client settings to a subset of computers on your network and to deploy different NAP client settings to different groups.

Membership in the local Domain Admins group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Create a NAP client security group

Use the following procedure to create a NAP client security group.

To create a NAP client security group

1. On a domain controller, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

2. In the Active Directory Users and Computers console tree, right-click the domain name (for example, Woodgrovebank.local), point to New, and then click Group.

3. Under Group Name, type a name for the security group (for example, Vista NAP Clients), and then click OK.

4. Leave the Active Directory Users and Computers console open for the following procedure.

To add computers to the NAP client security group

1. In the Active Directory Users and Computers console tree, click the domain name (for example, Woodgrovebank.local).

2. In the details pane, right-click the name of your NAP client security group (for example, Vista NAP Clients), and then click Properties.

3. Click the Members tab, click Add, click Object Types, select Computers, and then click OK.

4. Under Enter the object names to select, type the name of the computer or group you want to add to the NAP client security group, and then click OK twice.

5. Close the Active Directory Users and Computers console.