Thursday, 25 June 2009

Network Access Protection

Reconfigured and renamed the domain server to ADS for easier reference.

Set static addresses on ADS

IPv4 IP Address: 192.168.145.141
IPv4 Subnet: 255.255.255.0
IPv4 Default Gateway: 192.168.145.2
IPv4 DNS Server: 192.168.145.2

Tested internet connection: successful.

Ran dcpromo on ADS to configure it as a Domain Controller.
FQDN of forest root domain: nypfypj.com

Forest functional level: Windows Server 2008

Added a new member server (named NAP) to be used as a Network Policy Server.

Set static addresses on NAP

IPv4 IP Address: 192.168.145.142
IPv4 Subnet: 255.255.255.0
IPv4 Default Gateway: 192.168.145.2
IPv4 DNS Server: 192.168.145.141

Tested internet connection: successful.

Join NAP to nypfypj.com

Set static addresses on VistaBiz

IPv4 IP Address: 192.168.145.143
IPv4 Subnet: 255.255.255.0
IPv4 Default Gateway: 192.168.145.2
IPv4 DNS Server: 192.168.145.141

Tested internet connection: successful.

Join VistaBiz to nypfypj.com
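The addressing, connectivity test and domain join above are the same three steps on each of the three machines. The script below is an added example (mine, not from the original post) that performs them on one machine with the NAP server's values from this journal; swap in the VistaBiz values to repeat it there. It assumes an elevated PowerShell 2.0 prompt on Windows Server 2008 or Vista, that the NIC is named "Local Area Connection" (change $Nic if it differs), and that netdom is present (built into Server 2008, part of RSAT on Vista).

```powershell
# Added example, not from the original post: static addressing, connectivity
# check and domain join for one machine, using the NAP server's values.
# Assumptions: elevated PowerShell 2.0; NIC named "Local Area Connection";
# netdom available (Server 2008 built-in, RSAT on Vista).
$Nic     = "Local Area Connection"
$Address = "192.168.145.142"        # NAP server, per the journal
$Mask    = "255.255.255.0"
$Gateway = "192.168.145.2"
$Dns     = "192.168.145.141"        # ADS, the new domain controller
$Domain  = "nypfypj.com"

# Static IPv4 address, subnet mask and default gateway (positional netsh form)
netsh interface ipv4 set address "$Nic" static $Address $Mask $Gateway
# DNS must point at ADS, otherwise the domain's SRV records will not resolve
netsh interface ipv4 set dns "$Nic" static $Dns

# "Tested internet connection": gateway first, then an external host
if (-not (Test-Connection -ComputerName $Gateway -Count 2 -Quiet)) {
    throw "Gateway $Gateway unreachable; check address/mask before joining the domain"
}
if (Test-Connection -ComputerName "www.microsoft.com" -Count 2 -Quiet) {
    "Internet connection: successful"
} else {
    "Internet connection: FAILED (gateway reachable, check upstream DNS/NAT)"
}

# Confirm the domain controller's LDAP SRV record resolves via ADS before joining
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $Dns

# Join the domain; /passwordd:* makes netdom prompt instead of putting the
# password on the command line (where it would land in the PowerShell history)
netdom join $env:COMPUTERNAME /domain:$Domain /userd:"$Domain\Administrator" /passwordd:*
```

Reboot after the join, as the journal does, before expecting group policy to apply.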

Installed the DHCP Server role and the Network Policy and Access Services role on the NAP server. After installing, configured NPS (Network Policy Server) to use DHCP.

Back on the ADS server:
Created a new Group Policy named NAP Client Settings. Configured the NAP Client Settings to enable the Network Access Protection Agent and the DHCP Quarantine Enforcement Client. Set this group policy to apply to the (Users) group NAP Enforced Computers. Added VistaBiz to the NAP Enforced Computers group so that the Group Policy is applied to that computer.

Rebooted all the clients (2 servers and the Vista client).

Ran gpupdate /force on VistaBiz to force a group policy update.
Tested the auto-remediation feature by turning the VistaBiz firewall off. Test successful: the firewall was automatically turned back on and an alert was shown.
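A quick way to confirm on the client that the GPO actually landed before trusting the firewall test, and to repeat the auto-remediation test with a measured remediation time, as an added example (mine, not from the original post). It assumes an elevated PowerShell 2.0 prompt on the Vista client after gpupdate /force, and relies on 79617 being the well-known enforcement client ID of the DHCP Quarantine Enforcement Client; the event channel name in the last step is an assumption on my part.

```powershell
# Added example, not from the original post: verify the NAP Client Settings GPO
# took effect on the Vista client, then repeat the firewall auto-remediation test.
# Assumptions: elevated PowerShell 2.0 on the client; 79617 = DHCP Quarantine
# Enforcement Client ID; event channel name below is assumed.

# 1. The NAP Agent service must be running or no enforcement happens at all
$agent = Get-Service -Name napagent
if ($agent.Status -ne "Running") {
    throw "NAP Agent is $($agent.Status): GPO not applied or service disabled"
}

# 2. Group Policy settings override local netsh settings; show what GP pushed
netsh nap client show grouppolicy

# 3. Confirm the DHCP enforcement client (79617) is initialized on this client.
#    The first "Initialized" line after the ID belongs to that client's block.
$state = netsh nap client show state | Out-String
if ($state -notmatch "79617[\s\S]*?Initialized\s*=\s*Yes") {
    throw "DHCP Quarantine Enforcement Client (79617) is not initialized"
}

# 4. The journal's auto-remediation test: turn the firewall off and wait for the
#    Windows Security Health Agent to turn it back on (up to 120 s)
netsh advfirewall set currentprofile state off
$sw = [Diagnostics.Stopwatch]::StartNew()
$restored = $false
while ($sw.Elapsed.TotalSeconds -lt 120) {
    $fw = netsh advfirewall show currentprofile state | Out-String
    if ($fw -match "State\s+ON") { $restored = $true; break }
    Start-Sleep -Seconds 5
}
$sw.Stop()
if ($restored) {
    "Firewall re-enabled by NAP remediation after $([int]$sw.Elapsed.TotalSeconds)s"
} else {
    # Do not leave the host exposed if remediation did not fire
    netsh advfirewall set currentprofile state on
    "Firewall still off after 120s: check the Windows SHV and remediation settings on NPS"
}

# 5. Review the client-side NAP events (channel name assumed)
wevtutil qe "Microsoft-Windows-NetworkAccessProtection/Operational" /c:10 /rd:true /f:text
```

If step 3 fails but step 2 shows the enforcement client enabled, the service usually just needs a restart after the policy refresh; if step 2 shows nothing, the computer is not in the NAP Enforced Computers group or has not rebooted since being added.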

Now that we know this works, we can modify it to fit our requirement of having an anti-virus software installed and updated.
