Step by Step : Installing and Configuring
a Network Policy Server in Windows
Server 2012 R2
July 15, 2014
Network Policy Server, what is NPS all about?
NPS enables you to create and enforce organization-wide network access policies
for client health, connection request authentication, and connection request
authorization.
You also can use NPS as a RADIUS proxy to forward connection requests to NPS or
other RADIUS servers that you configure in remote RADIUS server groups.
You can use NPS to implement network-access authentication, authorization, and client
health policies with any combination of the following 3 functions:
RADIUS server
RADIUS proxy
NAP policy server
For more information, see: http://msdn.microsoft.com/en-us/library/cc732912.aspx
This is a long procedure, so please take your time and make sure you have a working
domain lab in which to install and configure NPS.
What you will find in my post today is a straightforward process to deploy and
configure NPS. There are many things you can do with NPS, so please spend some
time browsing Microsoft TechNet for more detailed information.
Let's get started by installing the NPS role, which will later be used to support
RADIUS.
1 On the Domain server (OSI-ADDS01), open Server Manager, click Add roles and
features
2 Next, on the Select installation type interface, click Role-based or feature-based
installation, and then click Next to proceed
3 On the Select destination server interface, click Next
4 On the Select server roles interface, select the Network Policy and Access Services
check box and then click Next
5 On the Select features interface, just click Next to proceed
6 Next, on the Network Policy and Access Services page, click Next
7 Next, on the Select role services interface, click Network Policy Server check box,
and then click Next
8 On the Confirm installation selections interface, click Install
9 Next, verify that our installation was successful, and then click Close
10 Next, on the Server Manager, click Tools and then click Network Policy Server
11 In Network Policy Manager interface, in the navigation pane, right-click NPS
(Local), and then click Register server in Active Directory
12 In the Network Policy Server message box, just click OK to proceed
13 In the subsequent Network Policy Server interface, click OK
14 Next, let's continue with configuring NPS templates. In the Network Policy
Server console, right-click Shared Secrets, and then click New
15 Next, in the New RADIUS Shared Secret Template interface, in the Template
name box, type OSI Security (you can fill in any name you prefer), then in the Shared
secret and Confirm shared secret boxes, type your preferred password and then click
OK
16 Next, right-click RADIUS Clients, and then click New
17 Next, in the New RADIUS Client interface, in the Friendly name box, type
OSI-NPS, then key in the IP address of the NPS server, which in my case is
172.16.0.106. Click Verify to confirm the IP address, then click Resolve so that it
identifies the correct IP address, and click OK to proceed
18 Next, in the New RADIUS Client interface, under Shared Secret, in the Select an
existing Shared Secrets template area, click OSI Security, and then click OK.
19 Next, let's configure RADIUS accounting for logging purposes
20 In the Accounting Configuration introduction Wizard, click Next
21 On the Select Accounting Options interface, click Log to a text file on the local
computer, and then click Next
22 On the Configure Local File Logging interface, click Next
23 On the Summary interface, click Next
24 On the Conclusion interface, click Close
25 Next, we need to configure and test our RADIUS client. In the Network Policy
Server console, expand RADIUS Clients and Servers, then right-click RADIUS
Clients, and then click New
26 In the New RADIUS Client interface, clear the Enable this RADIUS
client check box, then select the Select an existing template check box. Verify
that your existing template appears in the list, then click OK
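A scripted equivalent of steps 1 to 18 on the NPS server, as an added example that is not part of the original post. It sets the shared secret directly on the RADIUS client instead of through a template and generates the secret randomly; the name OSI-NPS and the address 172.16.0.106 are taken from step 17, and the variable names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on the NPS server.
# Values from step 17 of the walkthrough; adjust for your own lab.
$clientName    = 'OSI-NPS'
$clientAddress = '172.16.0.106'

# Steps 1-9: install the Network Policy and Access Services role with its console.
$result = Install-WindowsFeature -Name NPAS -IncludeManagementTools
if (-not $result.Success) { throw 'NPAS installation failed' }

# Steps 11-13: register the server in Active Directory so that it can read
# the dial-in properties of domain accounts.
netsh nps add registeredserver
if ($LASTEXITCODE -ne 0) { throw 'Registering NPS in Active Directory failed' }

# Steps 14-15: generate a 256-bit random shared secret instead of typing one.
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$secret = [Convert]::ToBase64String($bytes)

# Steps 16-18: create the RADIUS client, refusing to overwrite an existing one.
Import-Module NPS
if (Get-NpsRadiusClient | Where-Object { $_.Name -eq $clientName }) {
    throw "RADIUS client '$clientName' already exists"
}
New-NpsRadiusClient -Name $clientName -Address $clientAddress -SharedSecret $secret | Out-Null

# Check the result without echoing the secret stored on the client object.
Get-NpsRadiusClient |
    Where-Object { $_.Name -eq $clientName } |
    Format-List Name, Address, Enabled

# The same value has to be entered on the RRAS server in step 50.
Write-Output "Shared secret for ${clientName}: $secret"
```

Keep the printed secret out of transcripts and shell history once it has been entered on the RRAS side.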
We have finished installing and configuring NPS on our domain server, OSI-ADDS01.
Now it's time to configure Routing and Remote Access on the RADIUS client
(the OSI-NPS server)
27 On the OSI-NPS Server, open Server Manager, click Add roles and features
28 On the Before you begin interface, click Next
29 On the Select installation type interface, click Next
30 On the Select destination server, click Next to proceed
31 On the Select server roles interface, click Remote Access box and click Next
32 On the Select features interface, click Next
33 Next, on the Remote Access interface, click Next
34 On the Select role services, make sure you click DirectAccess and VPN (RAS)
check box, and then click Next
35 On the Web Server Role (IIS) interface, proceed with Next
36 On the Select role services interface, proceed with Next
37 On the Confirm installation selections interface, click Install
38 On the Installation progress interface, click Close
39 Next, open Server Manager, click Tools and click Routing and Remote Access
40 Next, in the Routing and Remote Access console, right-click NPS (Local), and
then click Configure and Enable Routing and Remote Access
41 On the Routing and Remote Access Server Wizard interface, click Next
42 On the Configuration interface, make sure you click Remote access (dial up or
VPN)
43 On the Remote Access interface, click VPN check box
44 Next, in the VPN Connection interface, click the network interface named
Ethernet 3, but make sure you clear the Enable security on the selected interface by
setting up static packet filters check box, and then click Next
45 On the IP Address Assignment interface, select From a specified range of
addresses, and then click Next
46 On the Address Range Assignment interface, click New
47 On the New IPv4 Address Range interface, in the Start IP address, type
172.16.0.201, then in the End IP address, type 172.16.0.220, verify that 20 IP addresses
were assigned for remote clients, and then click Next
48 On the Address Range Assignment interface, click Next
49 On the Managing Multiple Remote Access Servers interface, click Yes, set up
this server to work with a RADIUS server, and then click Next
50 On the RADIUS Server Selection interface, in the Primary RADIUS server box,
type ADDS01. In the Shared secret box, type your password and then click Next
51 In the Routing and Remote Access Server Setup Wizard, click Finish
52 In the Routing and Remote Access dialog box, click OK
53 Next, switch to the OSI-ADDS01 domain server so that we can configure a
Network Policy for RADIUS. In the Network Policy Server console, expand
Policies, and then click Network Policies. In the details pane, right-click the policy at
the top and the policy at the bottom of the list, and then click Disable for each
54 Next, right click Network Policies, and then click New
55 In the New Network Policy Wizard, in the Policy name box, type OSI VPN
Policy, and then in the Type of network access server list, click Remote Access
Server (VPN-Dial up), and then click Next
56 Next, on the Specify Conditions page, click Add, then in the Select condition
dialog box, click NAS Port Type, and then click Add
57 In the NAS Port Type dialog box, select the Virtual (VPN) check box, and then
click OK
58 Next, on the Specify Conditions interface, click Next
59 Next, on the Specify Access Permission interface, click Access granted, and then
click Next
60 On the Configure Authentication Methods interface, click Next
61 On the Configure Constraints interface, click Next
62 On the Configure Settings interface, click Next
63 On the Completing New Network Policy interface, click Finish
64 Next, on the Network Policy Server console, verify your setting
65 Now let's test our RADIUS configuration with a Windows 8.1 client. Switch to the
Windows 8.1 client and log in as Administrator, then open the Network and Sharing
Center control panel. In the Network and Sharing Center, click Set up a new
connection or network
66 On the Choose a connection option interface, click Connect to a workplace, and
then click Next
67 On the How do you want to connect interface, click Use my Internet connection
(VPN)
68 Click I'll set up an Internet connection later
69 On the Type the Internet address to connect to interface, in the Internet address
box, type 172.16.0.109, in the Destination name box, type OSI VPN, then select the
Allow other people to use this connection check box, and then click Create
70 In the Network And Sharing Center window, right-click the OSI
VPN connection, and then click Properties
71 On the OSI VPN Properties, click the Security tab and then in the Type of VPN
list, click Point to Point Tunneling Protocol (PPTP), then under Authentication,
click Allow these protocols, and then click OK
72 Next, right-click the OSI VPN connection, and then click Connect/Disconnect
73 Next, in Network sign-in, in the User name box, type osi\administrator and the
password, and then click OK
74 Lastly, wait a few seconds for the VPN connection to be established. Ensure that
your connection is successful
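To confirm the result of the test connection on the NPS side, the text log configured in steps 19 to 24 can be summarised with a short script; this is an added example, not part of the original post. It assumes the log is in the DTS Compliant (XML) format with one Event element per line, the element names are assumptions about that format, and the two sample lines are constructed.

```powershell
# Added example: summarise RADIUS results from an NPS text log.
# Constructed sample data (not real log output); osi\testuser is a made-up account.
$sample = @(
    '<Event><Timestamp data_type="4">07/15/2014 10:02:11.120</Timestamp><User-Name data_type="1">osi\administrator</User-Name><Client-Friendly-Name data_type="1">OSI-NPS</Client-Friendly-Name><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>'
    '<Event><Timestamp data_type="4">07/15/2014 10:05:47.300</Timestamp><User-Name data_type="1">osi\testuser</User-Name><Client-Friendly-Name data_type="1">OSI-NPS</Client-Friendly-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">16</Reason-Code></Event>'
)

function Get-NpsLogSummary {
    param([string[]]$Line)
    # RADIUS packet type codes as written in the Packet-Type element.
    $packetNames = @{ '1' = 'Access-Request'; '2' = 'Access-Accept'
                      '3' = 'Access-Reject';  '4' = 'Accounting-Request' }
    foreach ($text in $Line) {
        if ($text -notmatch '^\s*<Event>') { continue }   # blank or non-XML line
        try { $ev = ([xml]$text).Event }
        catch { Write-Warning 'Skipped a line that is not well-formed XML'; continue }
        # Return the text of a child element, or an empty string if it is absent.
        $field = {
            param($name)
            $node = $ev.SelectSingleNode($name)
            if ($null -ne $node) { $node.InnerText } else { '' }
        }
        $type = & $field 'Packet-Type'
        [pscustomobject]@{
            Time       = & $field 'Timestamp'
            User       = & $field 'User-Name'
            Client     = & $field 'Client-Friendly-Name'
            Packet     = if ($packetNames.ContainsKey($type)) { $packetNames[$type] } else { "Type $type" }
            ReasonCode = & $field 'Reason-Code'
        }
    }
}

$events = Get-NpsLogSummary -Line $sample
$events | Format-Table -AutoSize

# Rejected attempts per user: a growing count for one account deserves a look.
$events | Where-Object { $_.Packet -eq 'Access-Reject' } |
    Group-Object User | Select-Object Name, Count
```

For the live log, pass the file chosen in step 22 instead of the sample, for example `Get-NpsLogSummary -Line (Get-Content <path to log file>)`.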