Export (0) Print
Expand All

Create an IPsec NAP Exemption Group

Updated: February 29, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

To exempt computers from NAP health checks when you use NAP with IPsec enforcement, you can autoenroll members of a security group with NAP exemption certificates. To autoenroll exempted computers, create a NAP exemption certificate template and grant enroll and autoenroll permissions to the IPsec NAP exemption group created in this procedure. For more information, see Create Health Certificate Templates.

Membership in the local Domain Admins group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

Use the following procedure to create a NAP exemption group.

  1. On a domain controller, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

  2. In the Active Directory Users and Computers console tree, right-click the domain name (for example, Woodgrovebank.local), point to New, and then click Group.

  3. Under Group Name, type IPsec NAP Exemption, and then click OK.

  4. Leave the Active Directory Users and Computers console open for the following procedure.

  1. In the Active Directory Users and Computers console tree, click the domain name (for example, Woodgrovebank.local).

  2. In the details pane, right-click IPsec NAP Exemption, and then click Properties.

  3. Click the Members tab, click Add, click Object Types, select Computers, and then click OK.

  4. Under Enter the object names to select, type the name of the computer or group you want to exempt, and then click OK twice.

  5. Close the Active Directory Users and Computers console.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft