Export (0) Print
Expand All

Configure Network Policy for Full Enforcement

Updated: February 29, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Full enforcement is one of the three primary phases of a NAP deployment. With full enforcement, noncompliant computers are denied access to the network. This phase introduces the greatest impact to users. By this stage of the deployment, you should fully understand the reporting data so that the business impact of restricting noncompliant computers can be anticipated and appropriate resources are in place. It is critical that you monitor daily NAP statistics and trends during this stage.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To implement full enforcement, use a NAP enforcement setting of Allow limited access in noncompliant network policy.

  1. Click Start, click Run, type nps.msc, and then press ENTER.

  2. In the Network Policy Server console tree, open Policies\Network Policies.

  3. In the details pane, under Policy Name, double-click the name of the network policy for noncompliant NAP client computers.

  4. In the policy properties window, on the Settings tab, click NAP Enforcement, choose Allow limited access, and then click OK. See the following example.

    e2bfdf58-74f7-484d-a934-d4b211967a8c
  5. Close the NPS console.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft