Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

NIIT NETWORK ESSENTIALS [email protected] 6 ~ GNIIT HELP

Network Essentials [email protected] home 6

2. You are the System Administrator at AmpleInfo Corporations. The company's security policy states that only client computers that meet the security requirements of the network should be able to connect to the network. Now, you have been given a task to ensure security for the connections and establish a way to bring non compliant client computers into compliance automatically. You analyze the scenario and want to implement the Dynamic Host Configuration Protocol (DHCP) Network Access Protection (NAP) enforcement. How will you configure NAP and DHCP to accomplish the preceding task?

To accomplish the assigned task, you need to perform the following tasks:
Install the DHCP and Network Policy Server (NPS) server roles.
Configure the Image_SVR1 virtual machine as a NAP health policy server.
Configure the DHCP service for NAP enforcement.
Configure the Image_Win8_CL1 virtual machine as the DHCP and NAP client.
Test the NAP enforcement.




Task 1: Installing the DHCP and NPS Server Roles To install the DHCP and NPS server roles,page is Displayed.you need to perform the following steps in the Image_SYR1 virtual machine:
1. Switch to the Image_SVR1 virtual machine.
2. Ensure that the Server Manager window is open and active.
3 Click the Add roles and features link in the right pane.
4. Click the Next button. The Select installation type page is displayed.
5. Click the Next button. The Select destination server page is displayed.
6. Click the Next button. The Select server roles.
7. Select the DHCP Server check box in the Roles list box_ The Add Roles and Features Wizard dialog box is displayed.
8. Click the Add Features button. The Select server roles page is displayed.
9. Select the Network Policy and Access Services check box. The Add Roles and Features Wizard dialog box is displayed.
10. Click the Add Features button. The Select server roles page is displayed.
11. Click the Next button. The Select features page is displayed.
12. Click the Next button. The DHCP Server page is displayed.
13. Click the Next button. The Network Policy and Access Services page is displayed.
14. Click the Next button. The Select role services page is displayed.
15. Ensure that the Network Policy Server check box is selected in the right pane.
16. Click the Next button. The Confirm installation selections page is displayed.
17. Select the Restart the destination server automatically if required check box. The Add Roles and Features Wizard dialog box is displayed.
18. Click the Yes button. The Confirm installation selections page is displayed.
19. Click the Install button. The Installation progress page is displayed. After a few minutes, the Configuration required message is displayed in the right pane.
20. Click the Complete DHCP configuration link. The Description page of DHCP Post-Install configuration wizard is displayed.
21. Click the Next button. The Authorization page is displayed.
22. Click the Commit button. The Summary page is displayed.
23. Click the Close button. The Installation progress page is displayed.
24. Click the Close button. The Server Manager window is displayed.
25. Select DHCP in the Left Pane.
26. Right-click the 1MAGE_SVR1 server under the Server Name column in the right pane, and then select the DHCP Manager option. The DHCP window is displayed.
27. Maximize the DHCP window.
28. Expand the Image_SVR1Adatum.com-.IPv4 nodes in the left pane.
29. Right-click the IPv4 node in the left pane, and then select the New Scope option. The Welcome to the New Scope Wizard page of New Scope Wizard is displayed.
30. Click the Next button. The Scope Name page is displayed.
31. Type N.-11:' Scope in the Name text box.
32. Click the Next button. The IP Address Range page is displayed.
33. Type 172.16.0.25 in the Start IP address text box.
34. Type 172.16.0.254 in the End IP address text box.
35. Click the Next button. The Add Exclusions and Delay page is displayed.
36. Click the Next button. The Lease Duration page is displayed.
37. Click the Next button. The Configure DHCP Options page is displayed.
38. Select the No, I will configure these options later option.
39. Click the Next button. The Completing the New Scope Wizard page is displayed.
40. Click the Finish button.
41. Select the Scope node in the left pane.
42. Right-click the Scope node in the left pane, and then select the Activate option.
43. Select the Server Options node in the left pane.
44. Right-click the Server Options node in left pane, and then select the Configure Options option. The Server Options dialog box is displayed.
45. Scroll down and select the 006 DNS Servers check box under the Available Options column.
46. Type 172.16.0.10 in the IP address text box.
47. Click the Add button. The DNS Validation message box is displayed for a few moments. After this, the address is added to the list box below the IP address text box.
48. Scroll down and select the 015 DNS Domain Name check box under the Available Options column. 
49. Type Adatam.com in the String value text box.
50. Click the OK button.
51. Close the DHCP window.
52. Press the Windows+I keys. The Settings pane is displayed.
53. Select Power-tRestart.
54. Click the Continue button. After a few moments, the Press Ctrl+Alt+Delete to sign in screen is displayed.
55. Press the Ctrl+Alt+End keys.
56. Type PaSSwOrd in the Password text box.
57. Press the Enter key. After a few moments, the Server Manager window is displayed.

Task 2: Configuring the Image_SVR1 Virtual Machine as a NAP Health Policy Server To configure the Image_SVR1 virtual machine as a NAP health policy server, you need to perform the following tasks:
1. Configure Security Health Validator (SHV).
2. Configure remediation server groups.
3. Configure health policies.
4. Configure a network policy for compliant clients.
5. Configure a network policy for non compliant clients.

Task 2.1: Configuring SHV
To configure SHV, you need to perform the following steps in the Image_SVR1 virtual machine:
1. Press the Windows key. The Stan screen is displayed.
2. Click the Network Policy Server tile. The Network Policy Server window is displayed.
3. Expand the Network Access Protection->System Health Validators->Windows Security Health Validator nodes in the left pane.
4. Select the Settings node.
5. Right-click the Default Configuration option under the Name column in the right pane, and then select the Properties option. The Windows Security Health Validator dialog box is displayed.
6. Ensure that the Windows 8/Windows 7/Windows Vista option is selected in the left pane.
7. Clear all the check boxes except the A firewall is enabled for all network connections check box in the right pane. For this, you can perform the following steps:
a. Clear the Antivirus is up to date check box.
b. Clear the An antivirus application is on check box.
c. Clear the Antispyware is up to date check box.
d. Clear the An antispnvare application is on check box.
e. Clear the Automatic updating is enabled check box.
8. Click the OK button. The Network Policy Server window is displayed.

Task 2.2: Configuring Remediation Server Groups
To configure remediation server groups, you need to perform the following steps in the Image_SVR1 virtual machine:
1. Right-click the Remediation Server Groups node in the left pane, and then select the New option.
2. Type the Groupl in the Group Name text box.
3. Click the Add button. The Add New Server dialog box is displayed.
4. Type 172.16.0.10 in the IP address or DNS name text box.
5. Click the OK button_ The New Remediation Server Group dialog box is displayed.
6. Click the OK button_ The Network Policy Server window is displayed.

Task 2.3: Configuring Health Policies
To configure health policies, you need to perform the following steps in the Image_SVR1 virtual machine:
1. Expand the Policies node in the left pane.
2. Select the Health Policies node in the left pane.
3. Right-click the Health Policies node in the left pane, and then select the New option.
4. Type Compliant in the Policy name text box.
5. Ensure that the Client passes all SHV checks option is selected in the Client SHV checks drop-down list.
6. Select the Windows Security Health Validator check box under the SEM used in this health policy section.
7. Click the OK button. The Network Policy Server window is displayed.
8. Right-click the Health Policies node in the left pane, and then select the New option.
9. Type Non Compliant in the Policy name text box.
10. Select the Client fails one or more SHV checks option from the Client SHV checks drop-down list.
11. Select the Windows Security Health Validator check box under the SHVs used in this health policy section.
12. Click the OK button. The Network Policy Server window is displayed.

Task 2.4: Configuring a Network Policy for Compliant Clients
To configure a network policy for compliant clients, you need to perform the following steps in the Image_SVR1 virtual machine:
1. Select the Network Policies node under the Policies node in the left pane.
2. Right-click the Connections to Microsoft Routing and Remote Access server option under the Policy Name column in the right pane, and then select the Disable option.
3. Right-click the Connections to other access servers option under the Policy Name column in the right pane, and then select the Disable option.
4. Right-click the Network Policies node in the left pane, and then select the New option. The Specify Network Policy Name and Connection Type page of the New Network Policy wizard is displayed.
5. Type Compliant-Full-Access in the Policy name text box.
6. Click the Next button. The Specify Conditions page is displayed.
7. Click the Add button. The Select condition dialog box is displayed.
8. Scroll down the Select a condition, and then click Add list to locate the Network Access Protection section.
9. Double-click the Health Policies icon. The Health Policies dialog box is displayed.
10. Select the Compliant option under the Health policies drop-down list.
11. Click the OK button. The Specify Conditions page is displayed.
12. Ensure that the Health Policy option is displayed under the Condition column displaying the Compliant text under the Value column.
13. Click the Next button. The Specify Access Permission page is displayed.
14. Ensure that the Access granted option is selected.
15. Click the Next button. The Configure Authentication Methods page is displayed.
16. Clear all the check boxes.
17. Select the Perform machine health check only check box.
18. Click the Next button. The Configure Constraints page is displayed.
19. Click the Next button. The Configure Settings page is displayed.
20. Select the NAP Enforcement option under the Network Access Protection section in the left pane.
21. Ensure that the Allow full network access option is selected in the right pane.
22. Scroll down and clear the Enable auto-remediation of client computers check box.
23. Click the Next button. The Completing New Network Policy page is displayed.
24. Click the Finish button. The Network Policy Server window is displayed.

Task 2.5: Configuring a Network Policy for Non Compliant Clients
To configure a network policy for non compliant clients, you need to perform the following steps in the Image_SVR1 virtual machine:
1. Right-click the Network Policies node in the left pane, and then select the New option. The Specify Network Policy Name and Connection Type page of the New Network Policy wizard is displayed.
2. Type Non Compliant-Restricted in the Policy name text box.
3. Click the Next button. The Specify Conditions page is displayed.
4. Click the Add button. The Select condition dialog box is displayed.
5. Scroll down the Select a condition, and then click Add list to locate the Network Access Protection section.
6. Double-click the Health Policies icon. The Health Policies dialog box is displayed.
7. Select the Non Compliant option in the Health policies drop-down list.
8. Click the OK button. The Specify Conditions page is displayed.
9. Ensure that the Health Policy option is displayed under the Condition column displaying the Non Compliant text under the Value column.
10. Click the Next button. The Specify Access Permission page is displayed.
11. Ensure that the Access denied option is selected.
12. Click the Next button. The Configure Authentication Methods page is displayed.
13. Clear all the check boxes.
14. Select the Perform machine health check only check box.
15. Click the Next button. The Configure Constraints page is displayed.
16. Click the Next button. The Configure Settings page is displayed.
17. Select the NAP Enforcement option under the Network Access Protection section in the left pane.
18. Select the Allow limited access option.
19. Scroll down and clear the Enable auto-remediation of client computers check box.
20. Click the Next button. The Completing New Network Policy page is displayed.
21. Click the Finish button. The Network Policy Server window is displayed.
22. Close the Network Policy Server window.

Task 3: Configuring the DHCP Service for NAP Enforcement To configure the DHCP service for NAP enforcement, you need to perform the following steps in the Image_SVR1 virtual machine:
1. Ensure that the Server Manager window is open and active.
2. Ensure that DHCP is selected in the left pane.
3. Right-click the 1MAGE_SVR1 option under the Server Name column in the right pane, and then select the DHCP Manager option.
4. Expand the Image_SVR1Adatam.com-APv4 nodes in the left pane.
5. Select the Scope [172.16.0.0] NAP Scope node in the left pane.
6. Right-click the Scope [172.16.0.0] NAP Scope node in the left pane, and then select the Properties option.
7. Click the Network Access Protection tab.
8. Select the Enable for this scope option under the Network Access Protection Settings section.
9. Ensure that the lise default Network Access Protection profile option is selected.
10. Click the OK button. The DHCP window is displayed.
11. Ensure that the Scope [172.16.0.0] NAP Scope node is expanded in the left pane.
12. Select the Scope Options node in the left pane.
13. Right-click the Scope Options node in the left pane, and then select the Configure Options option.
14. Click the Advanced tab.
15. Ensure that the DHCP Standard Options option is selected in the Vendor class drop-down list.
16. Select the 003 Router check box under the Available Options column.
17. Type 172.16.0.10 in IP address text box.
18. Click the Add button.
19. Scroll down and select the 015 DNS Domain Name option under the Available Options column.
20. Ensure that the adatum.com text is displayed in the String value text box.
21. Click the OK button. The DHCP window is displayed.
22. Close the DHCP window.

Task 4: Configuring the Image_VVin8_CL1 Virtual Machine as the DHCP and NAP Client To configure the Image_Win8_CL1 virtual machine as the DHCP and NAP client,
you need to perform the following tasks-
1. Enable security center.
2. Enable the DHCP enforcement client.
3. Enable and start the NAP agent service.
4. Configure the Image Nirin8_CL1virtual machine for the DHCP address assignment.

Task 4.1: Enabling Security Center
To enable security center, you need to perform the following steps in the Image_Win8_CL1 virtual machine:
1. Ensure that the Image_Win8_CL1 virtual machine is running and active and you are logged on with Adatum\Administrator as the usemame and PaSSwOrd as the password.
2. Ensure that the Start screen is displayed.
3. Type Control Panel.
4. Press the Enter key. The Control Panel window is displayed.
5. Click the Network and Internet link. The Network and Internet window is displayed.
6. Click the Network and Sharing Center link in right pane. The Network and Sharing Center window is displayed.
7. Click the Windows Firewall link under the See also section in the left pane.
8. Click the Turn Windows Firewall on or off link in the left pane.


This post first appeared on GNIITHELP, please read the originial post: here

Share the post

NIIT NETWORK ESSENTIALS [email protected] 6 ~ GNIIT HELP

×

Subscribe to Gniithelp

Get updates delivered right to your inbox!

Thank you for your subscription

×