What Is Network Policy Server (NPS)?

Applies To: Windows Server 2008, Windows Server 2008 R2

When you provide your organization’s employees and their computers with network connectivity through network access servers, such as virtual private network (VPN) servers, wireless access points, and dial-up servers, you can use NPS to create, centrally manage, and enforce the network access policies that determine whether users and computers can or cannot access the network.

During a connection attempt, users and computers typically provide account credentials in the form of a user name and password or a certificate. NPS can examine these credentials and use them to verify the identity of – or authenticate – the user or computer before allowing network access. NPS can also determine whether the user or computer has permission to access the network by authorizing the connection request against user account properties, network policies that you have created, or both.

NPS provides you with the advantage of configuring network policies at one server (the server running NPS) that are applied at many servers (the network access servers). For example, if you have 10 wireless access points and are not using NPS, you must configure access policies 10 times; but if you use NPS, you must configure each policy only one time.

By using NPS, you can centrally manage network access for organizations of all sizes, including small businesses, medium organizations, enterprise-level organizations, and Internet service providers (ISPs). NPS provides you with the ability to secure and manage network access across a variety of network access scenarios such as the following:

  • Employees connecting to your organization network through dial-up, VPN, wireless, Terminal Services Gateway (TS Gateway), and wired connections, using a variety of devices, including organization computers, personal digital assistants, and non-domain member computers, such as employee-owned devices.

  • Employees connecting to other networks, including the Internet and business partner networks.

  • Business partners connecting to your organization network.

The underlying protocol that provides NPS with the ability to communicate with such a broad range of network access servers is the Remote Authentication Dial-In User Service (RADIUS) protocol.