Checklist: Configure NPS for Dial-Up and VPN Access
Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
This checklist provides the tasks required to deploy dial-up and virtual private network (VPN) servers with Network Policy Server (NPS).
Task | Reference |
---|---|
Install and configure dial-up and VPN servers. |
RADIUS Server for Dial-Up or VPN Connections and your hardware documentation |
Determine the authentication method that you want to use. |
RADIUS Server for Dial-Up or VPN Connections; Certificate Requirements for PEAP and EAP; and your hardware documentation |
Autoenroll a server certificate to servers running NPS or, if you are using Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) only, purchase a server certificate. |
Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication on the Microsoft Download Center at https://go.microsoft.com/fwlink/?LinkId=33675 |
If you are using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain users and domain member client computers. |
Deploy Client Computer Certificates and Deploy User Certificates |
Configure dial-up and VPN servers as Remote Authentication Dial-In User Service (RADIUS) clients in NPS. |
|
Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the VPN servers. |
|
In NPS, configure one or more network policies for dial-up and VPN servers. |
Add a Network Policy; Create Policies for Dial-Up or VPN with a Wizard; and Network Policies |