Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies To: Windows Server 2008
This checklist provides the steps required to deploy 802.1X authenticating switches with Network Policy Server (NPS) and Network Access Protection (NAP).
| Task | Reference |
|---|---|
Install and configure 802.1X authenticating switches on your network. |
RADIUS Server for 802.1X Wireless or Wired Connections and your hardware documentation |
Determine whether you want to use PEAP-MS-CHAP v2 or PEAP-TLS as the authentication method. |
RADIUS Server for 802.1X Wireless or Wired Connections; Certificate Requirements for PEAP and EAP; PEAP Overview; and your hardware documentation |
Autoenroll a server certificate to NPS servers or, if you are using PEAP-MS-CHAP v2, optionally purchase a server certificate rather than deploying your own CA. |
Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication (https://go.microsoft.com/fwlink/?LinkId=33675) |
If you are using PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain member client computers. |
Deploy Client Computer Certificates and Deploy User Certificates |
Configure 802.1X wired clients using Group Policy. |
Configure 802.1X Wired Clients Running Windows Vista with Group Policy |
Configure 802.1X authenticating switches as RADIUS clients in NPS. |
|
Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the switches. |
|
On NAP-capable client computers, enable the Network Access Protection service and change the startup type to automatic. |
|
On NAP-capable client computers, enable the EAP enforcement client. |
|
If you are using the Windows Security Health Validator (WSHV) in your NAP deployment, enable Security Center on NAP-capable clients using Group Policy. |
|
In NPS, if your NAP deployment requires it, configure the WSHV. |
|
Install and configure other system health agents (SHAs) and system health validators (SHVs). |
|
In NPS, configure health policies, connection request policies, and network policies that enforce NAP for 802.1X wired access. |
|
In NPS, if you are deploying remediation servers so that clients can automatically update their configuration in compliance with health policy, configure Remediation Server Groups. |