Configure Remediation Server Groups

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Remediation server groups are used to specify servers that are available to noncompliant NAP clients for the purpose of remediating their health state to comply with health requirements. The type of remediation servers that are required depends on your health requirements and network access methods. After you create a remediation server group, you must add this group to a network policy for noncompliant computers.

Note

Not all NAP enforcement methods use remediation server groups configured in the Network Policy Server (NPS) console to provide access to remediation servers on the restricted network. For more information, see Remediation Server Groups.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see How to Run a Windows PowerShell Cmdlet.

Configuring remediation server groups

Use the following procedures to create a remediation server group, to modify an existing group, and to add a remediation server group to network policy.

  • To create a remediation server group by using the NPS console

  • To create a remediation server group by using Windows PowerShell

  • To edit or delete an existing remediation server group

  • To delete an existing remediation server group by using Windows PowerShell

  • To add a remediation server group to network policy

To create a remediation server group by using the NPS console

  1. On the NAP health policy server, click Start, click Run, type nps.msc, and then press Enter.

  2. In the Network Policy Server console tree, open Network Access Protection\Remediation Server Groups.

  3. Right-click Remediation Server Groups, and then click New.

  4. In the New Remediation Server Group dialog box, under Group Name, type a friendly name for the new remediation server group.

  5. Click Add, and in Add New Server, under Friendly name, type a friendly name for the remediation server. You can also leave Friendly name blank, if you prefer.

  6. Under IP address or DNS name, type the IP address or domain name of the remediation server. To verify DNS resolution of the domain name, click Resolve, click OK, and then verify that the remediation server has been added to the list under Remediation Servers.

  7. Repeat steps 5 and 6 until all remediation servers have been added to the group, and then click OK.

To create a remediation server group by using Windows PowerShell

Beginning in Windows Server® 2012, you can use a Windows PowerShell command to complete this task.

The command syntax for adding a remediation server group is as follows.

New-NpsRemediationServerGroup -Name <string>

The following table lists parameters for the New-NpsRemediationServerGroup cmdlet in Windows PowerShell. Parameters in bold are required.

Parameter    Description

Name         Specifies the name of the remediation server group that you want to add to the Network Policy Server (NPS) configuration.

Example

In the following example, a remediation server group named “RSG-1” is added to the NPS configuration.

New-NpsRemediationServerGroup -Name RSG-1
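
The command above creates a group with no members. The following added example (not part of the original topic) also populates the group, mirroring steps 5 through 7 of the console procedure, including the DNS resolution check. It assumes the New-NpsRemediationServer, Get-NpsRemediationServer and Get-NpsRemediationServerGroup cmdlets from the same NPS module, which this topic does not cover; the friendly names and addresses are constructed.

```powershell
# Added example. Group name, friendly names and addresses below are constructed.
Import-Module NPS

$groupName = 'RSG-1'
$servers = @(
    @{ Name = 'WSUS';       Address = 'wsus01.corp.example' },
    @{ Name = 'AV-Updates'; Address = '10.0.10.25' }
)

# Create the group only if it is not already in the NPS configuration.
# Assumption: objects returned by Get-NpsRemediationServerGroup expose a Name property.
$existing = Get-NpsRemediationServerGroup | Where-Object { $_.Name -eq $groupName }
if (-not $existing) {
    New-NpsRemediationServerGroup -Name $groupName | Out-Null
}

foreach ($server in $servers) {
    $address = $server.Address
    $parsed  = $null

    # For DNS names, confirm resolution first (the Resolve button in step 6).
    if (-not [System.Net.IPAddress]::TryParse($address, [ref]$parsed)) {
        try {
            Resolve-DnsName -Name $address -ErrorAction Stop | Out-Null
        }
        catch {
            Write-Warning "Skipping '$address': name does not resolve."
            continue
        }
    }

    New-NpsRemediationServer -RemediationServerGroup $groupName `
        -Address $address -Name $server.Name | Out-Null
}

# Review the resulting membership before attaching the group to a network policy.
Get-NpsRemediationServer -RemediationServerGroup $groupName
```

Run this in an elevated Windows PowerShell session on the NAP health policy server, using an account that meets the membership requirement stated earlier in this topic.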

To edit or delete an existing remediation server group

  1. On the NAP health policy server, click Start, click Run, type nps.msc, and then press Enter.

  2. In the Network Policy Server console tree, open Network Access Protection\Remediation Server Groups.

  3. Click Remediation Server Groups, and then under Group Name, right-click the name of a remediation server group you want to modify.

    • To rename a remediation server group, click Rename, and then type a new name for the group.

    • To delete a remediation server group, click Delete, and then click OK.

    • To modify a remediation server group, click Properties, and use the steps in the preceding procedure to add new group members. Click Edit or Remove to modify or delete group members. Click OK to save your changes.

To delete an existing remediation server group by using Windows PowerShell

Beginning in Windows Server® 2012, you can use a Windows PowerShell command to complete this task.

The command syntax for deleting a remediation server group is as follows.

Remove-NpsRemediationServerGroup -Name <string>

The following table lists parameters for the Remove-NpsRemediationServerGroup cmdlet in Windows PowerShell. Parameters in bold are required.

Parameter    Description

Name         Specifies the name of the remediation server group that you want to remove from the Network Policy Server (NPS) configuration.

Example

In the following example, a remediation server group named “RSG-1” is removed from the NPS configuration.

Remove-NpsRemediationServerGroup -Name RSG-1

To add a remediation server group to network policy

  1. In the Network Policy Server console tree, open Policies\Network Policies.

  2. In the details pane, double-click the network policy for noncompliant computers that will use the remediation server group.

  3. In the policy properties window, click the Settings tab, and then click NAP Enforcement.

  4. Under Remediation Server Group and Troubleshooting URL, click Configure.

  5. In the Remediation Servers and Troubleshooting URL dialog box, under Remediation Server Group, use the drop-down list to select the remediation server group that you configured in the preceding procedure, and then click OK.

  6. Click OK again to close the policy properties window.

See Also

Concepts

Network Policies
System Health Validators