Install a NAP Health Policy Server

Updated: February 29, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

A NAP health policy server is a computer running Network Policy Server (NPS) that is acting in the role of a NAP health evaluation server. The NAP health policy server has health policies and network policies that are used to evaluate compliance of NAP client computers. All NAP enforcement methods require that you install a NAP health policy server.

This topic explains how to install the NPS role service in Windows Server® 2012, Windows Server® 2008 R2, and Windows Server® 2008.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

PowerShell Logo This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see How to Run a Windows PowerShell Cmdlet.

To deploy a NAP health policy server, you must install the NPS role service. If you have already installed NPS on a NAP enforcement server that you plan to use as a NAP health policy server, you can skip this procedure.

Follow the steps in the appropriate section based on the version of Windows Server that is running on the server:

  1. Open a Windows PowerShell session with elevated rights. To do this, right-click the Windows PowerShell or Command Prompt Start menu object that you are using to start your Windows PowerShell sessions, and then click Run as administrator.

    Because of security restrictions imposed by User Account Control, you must use a Windows PowerShell session with elevated rights when adding server roles and role services.

  2. Load the Server Manager module into the Windows PowerShell session before working with Server Manager cmdlets. Type the following, and then press Enter.

    Import-Module Servermanager
    Windows PowerShell cmdlets are not case-sensitive.

  3. Type the following to install the DHCP server role and the Network Policy Server (NPS) role service:

    install-windowsfeature -name npas-policy-server -IncludeManagementTools 
    The –IncludeManagementTools parameter installs the management console on the target server.

  4. Verify via the Windows PowerShell console that the installation succeeded. Under Success, the result should be True.

  1. In Server Manager, click Manage and click Add Roles and Features.

  2. On the Before you begin page, click Next.

  3. On the Select Installation Type page, click Role/Feature Based Install and then click Next.

  4. On the Select destination server page, click Select a server from the server pool, click the names of the servers where you want to install NPS and then click Next.

  5. On the Select Server Roles page, click Network Policy and Access Services, and then click Next three times. On the Select role services page, click Network Policy Server, and in the Add Roles and Features Wizard dialog box, verify that Include management tools (if applicable) is selected, click Add Features, and then click Next.

  6. On the Confirm installation selections page, click Install.

  7. On the Installation Results page, verify that the installation was successful, and then click Close.

  1. In Server Manager, under Roles Summary, click Add Roles, and then click Next.

  2. On the Select Server Roles page, select the Network Policy and Access Services check box, and then click Next twice.

  3. On the Select Role Services page, select the Network Policy Server check box, and then click Next.

  4. On the Confirm Installation Selections page, click Install.

  5. On the Installation Results page, verify that the installation was successful, and then click Close.

    NPS fails to install correctly if you have a manually configured IPv6toIPv4 address on your computer. If your computer’s network adapter is configured with an IPv6toIPv4 address, disable IPv6 configuration to successfully install NPS on this computer. To disable IPv6 configuration, clear the Internet Protocol Version 6 (TCP/IPv6) check box in the Local Area Connection Properties dialog box.

See Also

Community Additions