Security

Network Policy and Access Services. Updated: April 2, 2009. Applies To: Windows Server 2008.

The Network Policy and Access Services (NPAS) server role is a logical grouping of the following related network access technologies: These technologies are the role services of the NPAS server role. When you install the NPAS server role, you can install one or more role services while running the Add Roles Wizard.

NPS is the Microsoft implementation of a Remote Authentication Dial-In User Service (RADIUS) server and proxy. You can use NPS to centrally manage network access through a variety of network access servers, including 802.1X authenticating switches and wireless access points, VPN servers, and dial-up servers. In addition, NPS is configurable as a Network Access Protection (NAP) policy server. For more information, see:

HRA is a Network Access Protection (NAP) component that issues health certificates to clients that pass the health policy verification that is performed by NPS using the client statement of health (SoH).

DirectAccess with Network Access Protection (NAP). Published: March 25, 2010. Updated: October 1, 2010. Applies To: Windows Server 2008 R2.

The DirectAccess feature in Windows 7 and Windows Server 2008 R2 allows DirectAccess client computers to directly connect to intranet-based resources without the complexity of establishing a virtual private network (VPN) connection. The user has the same connectivity experience both in and out of the office. DirectAccess is designed as a seamless, always-on remote access solution that removes user complexity, gives you easy and efficient management and configuration tools, and does not compromise the secure aspects of remote connectivity. The Network Access Protection (NAP) feature in Windows Server 2008 R2 and Windows 7 enforces health requirements by monitoring and assessing the health of client computers when they attempt to connect or communicate on a network.

See the following topics for additional information about this solution. To learn more about DirectAccess, see the following resources:

NPS servers in Windows Server 2008 systems cannot import configuration settings that were exported from IAS servers in Windows Server 2003 systems.

Consider the following scenario: You export some Internet Authentication Service (IAS) configuration settings from a computer that is running Windows Server 2003 to a file. You try to import these settings from the file into a computer that is running Windows Server 2008 and that has Network Policy Server (NPS) installed. In this scenario, the Import Configuration command in the NPS Microsoft Management Console (MMC) snap-in on the NPS server cannot read the file that was exported from the IAS server. Because of this, the only way to migrate IAS configuration settings into NPS is to upgrade computers that are running Windows Server 2003 together with IAS.

Upgrade them into computers that are running Windows Server 2008 together with NPS. This problem occurs because the IAS Configuration settings are stored as .mdb files in Windows Server 2003. They are not stored as .xml (NPS) files as they are in Windows Server 2008 and in later versions of Windows Server 2008. Hotfix information.

Secure Windows Server.

Migrate Server Roles to Windows Server 2008 R2. Updated: April 17, 2012. Applies To: Windows Server 2008 R2.

For information about migrating server roles to Windows Server® 2012, see Migrate Roles and Features to Windows Server “8” Beta.

Migration documentation and tools ease the process of migrating server roles, features, operating system settings, and data from an existing server that is running Windows Server® 2003 or Windows Server® 2008 to a computer that is running Windows Server® 2008 R2. By using migration guides linked to on this page (and where appropriate, Windows Server Migration Tools) to migrate roles, role services, and features, you can simplify deployment of new servers (including those that are running the Server Core installation option of Windows Server 2008 R2, and virtual servers), reduce migration downtime, increase accuracy of the migration process, and help eliminate conflicts that could otherwise occur during the migration process.

Not all migrations require or use Windows Server Migration Tools.

Windows Firewall with Advanced Security and IPsec. Updated: June 15, 2009. Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista.

Windows Firewall with Advanced Security is an advanced interface for IT professionals to use to configure both Windows Firewall and Internet Protocol security (IPsec) settings for the computers on their networks. Windows Firewall with Advanced Security is not for home users or for users who are not familiar with advanced firewall or IPsec technologies. This topic describes the documentation currently available for Windows Firewall with Advanced Security in Windows Vista®, Windows Server® 2008, Windows® 7, and Windows Server® 2008 R2. Additional documentation is in development, so check back periodically to see what has been added.

Your feedback is valuable and welcome! Please send your comments and suggestions to Windows Firewall with Advanced Security Documentation Feedback (wfasdoc@microsoft.com).

Windows Firewall.

Purpose: Microsoft Windows Firewall helps to protect computers from unsolicited network traffic. The Windows Firewall APIs make it possible to programmatically manage the features of Windows Firewall by allowing applications to create, enable, and disable firewall exceptions.

Where applicable: The Windows Firewall API is intended for situations in which a software application or setup program must operate with adjustments to the configuration of the networking environment in which it runs.

Developer audience: The Windows Firewall API is designed for use by programmers using C/C++, Microsoft Visual Basic development system, Visual Basic Scripting Edition, and JScript development software. Run-time requirements In this section.

IPsec and Windows Firewall Policy Deployment Step-by-Step Guide.

This step-by-step guide illustrates how to deploy Active Directory® Group Policy objects (GPOs) to configure Windows Firewall with Advanced Security on computers that are running Windows® 7, Windows Vista®, Windows Server® 2008 R2, and Windows Server® 2008.

Although you can configure a single server locally by using Group Policy Management and other tools directly on the server, that method is not efficient and does not guarantee consistency when you have many computers to configure. When you have multiple computers to manage, you can instead create and edit GPOs, and then apply those GPOs to the computers in your organization.

For a downloadable version of this article, see the Microsoft Download Center at In this guide, you get hands-on experience in a lab environment that uses Group Policy management tools to create and edit GPOs to implement typical firewall and connection security settings and rules. In this document:

Internet Data Security | Trustworthy Computing | End to End Trust.

Reputation Services | Internet Security | End to End Trust.

"Microsoft Reputation Services allows security administrators to block inappropriate or dangerous Web site categories without hindering employee productivity." Microsoft Corporation, 2010

Today's information workers use the Web every day, all day, for both business and personal needs. Unfortunately, phishing scams, malware, and malicious Web sites are on the rise and they present real threats to company productivity, legal compliance, intellectual property, and brand image. Most companies cannot prohibit employees from using the Web, but there is a way to help employees maintain internet security.

Microsoft Reputation Services (MRS) is a new approach to Internet safety for employees. MRS is a global, cloud-based system that pulls from a variety of data sources (from both Microsoft and third parties) to determine the safety of 43 million (and increasing) Web domains and billions of Web pages in more than 80 categories such as games, criminal activity, gambling, and pornography.

Trustworthy Computing | Business Practices.