Network Policy Server Operations Guide

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

The Network Policy Server (NPS) Operations Guide provides administration information about NPS in the Windows Server® 2008 operating system.

Note

In Windows Server 2008, Network Policy Server replaces the Internet Authentication Service (IAS) component of Windows Server 2003.

NPS is the Microsoft implementation of the Remote Authentication Dial-In User Service (RADIUS) protocol, and can be configured to act as a RADIUS server or RADIUS proxy, providing centralized network access management. When you configure NPS as a RADIUS server, network access servers that are configured as RADIUS clients in NPS forward connection requests to NPS for authentication and authorization.

When you configure NPS as a RADIUS proxy, NPS forwards authentication and accounting requests to RADIUS servers in a remote RADIUS server group.

The network access servers that you can configure as RADIUS clients in NPS are wireless access points, virtual private network (VPN) servers, 802.1X authenticating switches, Terminal Services Gateway (TS Gateway) servers, and dial-up servers.

In addition, you can configure NPS as a Network Access Protection (NAP) policy server. When NAP is deployed, NPS performs client health checks against the configured health policies.

You can also configure the NPS proxy to perform authorization locally while forwarding authentication requests to a remote RADIUS server group. In addition, you can customize the processing of accounting requests, processing them locally on the NPS proxy or forwarding them to other RADIUS servers.

Windows Server 2008 Editions and NPS

NPS provides different functionality depending on the edition of Windows Server 2008 that you install.

Windows Server 2008 Enterprise and Datacenter Editions

With NPS in Windows Server 2008 Enterprise and Windows Server 2008 Datacenter, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.

Windows Server 2008 Standard Edition

With NPS in Windows Server 2008 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the NPS server uses the first IP address returned in the Domain Name System (DNS) query.
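
The following check is an added example, not part of the original guide or Microsoft's code. It flags RADIUS clients defined by name whose name resolves to more than one IP address, because NPS uses only the first address returned. The function name, sample clients, and sample DNS data are constructed for illustration; the commented live call assumes the NPS PowerShell module (Get-NpsRadiusClient) available on Windows Server 2012.

```powershell
# Added example, not Microsoft's code. Flags RADIUS clients defined by name whose
# name resolves to several addresses; NPS uses only the first address DNS returns.
function Test-RadiusClientAddress {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Client,  # needs Name and Address
        [scriptblock] $Resolver = {                          # default: live DNS lookup
            param($HostName)
            [System.Net.Dns]::GetHostAddresses($HostName) |
                ForEach-Object { $_.IPAddressToString }
        }
    )
    foreach ($c in $Client) {
        $ip = $null
        if ([System.Net.IPAddress]::TryParse($c.Address, [ref] $ip)) {
            # Client is pinned to a literal address; DNS is not involved.
            $status = 'LiteralIP'; $resolved = @($c.Address)
        } else {
            try   { $resolved = @(& $Resolver $c.Address | Where-Object { $_ }) }
            catch { $resolved = @() }
            $status = switch ($resolved.Count) {
                0       { 'Unresolved' }
                1       { 'SingleAddress' }
                default { 'MultipleAddresses' }   # only the first answer is used
            }
        }
        [pscustomobject]@{
            Name     = $c.Name
            Address  = $c.Address
            Status   = $status
            Resolved = $resolved -join ', '
        }
    }
}

# Constructed sample input (hypothetical names, documentation-range addresses).
$sampleClients = @(
    [pscustomobject]@{ Name = 'ap-lobby';  Address = '192.0.2.10' }
    [pscustomobject]@{ Name = 'vpn-edge';  Address = 'vpn.example.test' }
    [pscustomobject]@{ Name = 'sw-floor2'; Address = 'sw2.example.test' }
)
$sampleDns = @{
    'vpn.example.test' = @('198.51.100.5', '198.51.100.6')
    'sw2.example.test' = @('203.0.113.20')
}
$offline = { param($HostName) $sampleDns[$HostName] }   # offline stand-in for DNS

Test-RadiusClientAddress -Client $sampleClients -Resolver $offline | Format-Table -AutoSize

# On a live NPS server (assumption: NPS module on Windows Server 2012):
# Test-RadiusClientAddress -Client (Get-NpsRadiusClient)
```

With the constructed data, vpn-edge is reported as MultipleAddresses. A client in that state authenticates only from whichever address DNS happens to return first, so it is a candidate for being defined by IP address instead.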

Windows Web Server 2008

NPS is not included in Windows Web Server 2008.

NPS resources

For NPS resources in addition to this guide, see Network Policy Server in the Windows Server 2008 Technical Library (https://go.microsoft.com/fwlink/?LinkId=104545).

This guide is also available for download in Word format at the Microsoft Download Center: https://go.microsoft.com/fwlink/?LinkId=115743.