Book description
Get the official resource for deploying, administering, and troubleshooting Windows Server 2008 networking and Network Access Protection (NAP) technologies, direct from the experts who know the technologies best. This definitive resource from award-winning Microsoft® networking author Joseph Davies and Microsoft Most Valuable Professional (MVP) author Tony Northrup also offers expert insights direct from the Windows Server Networking team at Microsoft. You get detailed information about all major networking and network security services, including the all-new Network Access Protection (NAP), authentication infrastructure, IPv4 and IPv6, remote access, virtual private networks, IP security, quality of service, scalable networking, wireless infrastructure and security, DNS, DHCP, Windows® Firewall, and more. You also get a companion DVD with a fully searchable eBook version of the book, plus eBook samples from Understanding IPv6 2nd Edition, Windows Server 2008 TCP/IP Protocols and Services, and TCP/IP Fundamentals. This official Microsoft resource delivers what every Windows administrator needs to master Windows Server 2008 networking.
Key Book Benefits
- Delivers in-depth technical guidance for administering Windows Server 2008 networking and NAP technologies
- Features definitive product information from the experts, with additional insights from the Windows Server team at Microsoft and field consultants
- Provides the detailed information that every Windows administrator needs about NAP, IPv4 and IPv6, remote access, virtual private networks, IP security, DNS, DHCP, Windows Firewall, and more
- Includes a DVD with a fully searchable eBook of all seven volumes, plus bonus eBook samples from three additional networking books
Table of contents
- Windows Server® 2008 Networking and Network Access Protection (NAP)
- Acknowledgments
- Introduction
- I. Addressing and Packet Flow Infrastructure
- 1. IPv4
- 2. IPv6
- Concepts
- Planning and Design Considerations
- Deployment Steps
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- 3. Dynamic Host Configuration Protocol
- Concepts
- Planning and Design Considerations
- Deployment Steps
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- 4. Windows Firewall with Advanced Security
- 5. Policy-Based Quality of Service
- 6. Scalable Networking
- II. Name Resolution Infrastructure
- 7. Domain Name System
- Concepts
- Planning and Design Considerations
- Deployment Steps
- DNS Server Configuration
- DNS Server Requirements
- Installing the DNS Server Roles
- Configuring the DNS Server
- Configuring Zones
- Configure a Primary Forward Lookup Zone
- To Add a Primary Forward Lookup Zone
- Configure a Secondary Forward Lookup Zone
- To Add a Secondary Forward Lookup Zone
- Configure a WINS Forward Lookup
- To Add a WINS Forward Lookup
- Configure Replication Scope
- To Configure the Replication Scope for an Active Directory–Integrated Zone
- Allowing Zone Transfers
- To Allow a Server to Perform Zone Transfers
- Delegate Authority for a Sub-Domain to a Different Zone
- To Delegate Authority for a Subdomain
- Configure a Stub Zone
- To Add a Stub Zone
- Configure a Conditional Forwarder
- To Add a Conditional Forwarder
- Configure a Reverse Lookup Zone
- To Add a Reverse Lookup Zone
- Using Dnscmd
- DHCP Server Configuration
- DNS Client Configuration
- Configuring Redundant DNS Servers
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- 8. Windows Internet Name Service
- Concepts
- Planning and Design Considerations
- Deployment Steps
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- III. Network Access Infrastructure
- 9. Authentication Infrastructure
- Concepts
- Planning and Design Considerations
- Deployment Steps
- Deploying Active Directory
- Deploying PKI
- Configuring the Autoenrollment of Computer Certificates to Computers in an Active Directory Domain
- To Configure an Active Directory Domain for Automatic Enrollment of Computer Certificates
- Using the Certificates Snap-In to Request a Computer Certificate
- To Request a Computer Certificate by Using the Certificates Snap-In
- Using the Certificates Snap-In to Import a Computer Certificate
- To Import a Computer Certificate by Using the Certificates Snap-In
- Executing a CAPICOM Script That Requests a Computer or User Certificate
- Configuring Autoenrollment of User Certificates to Users in an Active Directory Domain
- To Configure User Certificate Enrollment for an Enterprise CA
- Using the Certificates Snap-In to Request a User Certificate
- To Request a User Certificate by Using the Certificates Snap-In
- Using the Certificates Snap-In to Import a User Certificate
- To Import a User Certificate by Using the Certificates Snap-In
- Installing Third-Party Certificate Chains by Using Group Policy
- To Install a Root CA Certificate by Using Group Policy
- To Install an Intermediate CA Certificate by Using Group Policy
- To Manually Install a Root or Intermediate CA Certificate on an Access Client
- Requesting a Certificate via the Web
- Group Policy
- RADIUS Servers
- Configuring the Primary NPS Server
- Obtaining and Installing a Computer Certificate
- To Request a Computer Certificate
- To Import the Computer Certificate on the Primary NPS Server
- Configuring NPS Server Properties
- To Configure the Primary NPS Server Computer to Read the Properties of User Accounts in the Domain
- To Enable and Configure Local File Logging for NPS
- To Enable and Configure SQL Server Database Logging for NPS
- To Configure NPS for Different UDP Ports
- Configuring NPS with RADIUS Clients
- To Add a RADIUS Client for NPS
- Using IPsec to Protect RADIUS Traffic
- Configuring the Appropriate Policies
- To Run the Network Policy Server Wizards
- To Add a VSA to a Network Policy
- Configuring the Secondary NPS Server
- Using RADIUS Proxies for Cross-Forest Authentication
- Configuring the Certificate Infrastructure
- Configuring the Active Directory Forests for Accounts and Groups
- Configuring the Primary NPS Server on a Computer in the First Forest
- Configuring the Secondary NPS Server on Another Computer in the First Forest
- Configuring the Primary NPS Server on a Computer in the Second Forest
- Configuring the Secondary NPS Server on Another Computer in the Second Forest
- Configuring the Primary NPS RADIUS Proxy
- To Configure the Primary NPS RADIUS Proxy for RADIUS Ports and Clients
- To Configure the Primary NPS RADIUS Proxy for a Remote RADIUS Server Group Corresponding to the NPS RADIUS Servers in the First Forest
- To Configure the Primary NPS RADIUS Proxy for a Remote RADIUS Server Group Corresponding to the NPS RADIUS Servers in the Second Forest
- To Configure the Primary NPS RADIUS Proxy for a Connection Request Policy to Forward RADIUS Request Messages to the NPS RADIUS Servers in the First Forest
- To Configure the Primary NPS RADIUS Proxy for a Connection Request Policy to Forward RADIUS Request Messages to the NPS RADIUS Servers in the Second Forest
- Configuring the Secondary NPS RADIUS Proxy
- Configuring RADIUS Authentication on the Access Servers
- Using RADIUS Proxies to Scale Authentications
- Ongoing Maintenance
- Troubleshooting Tools
- Chapter Summary
- Additional Information
- 10. IEEE 802.11 Wireless Networks
- Concepts
- Planning and Design Considerations
- Deploying Protected Wireless Access
- Deploying Certificates
- Configuring Active Directory for Accounts and Groups
- Configuring NPS Servers
- Deploying Wireless APs
- Configuring Wireless Clients
- Ongoing Maintenance
- Troubleshooting
- Wireless Troubleshooting Tools in Windows
- TCP/IP Troubleshooting Tools
- The Network Connections Folder
- Netsh Wlan Commands
- Network Diagnostics Framework Support for Wireless Connections
- Wireless Diagnostics Tracing
- NPS Authentication and Accounting Logging
- NPS Event Logging
- SChannel Logging
- SNMP Agent
- Reliability and Performance Snap-In
- Network Monitor 3.1
- Troubleshooting the Windows Wireless Client
- Troubleshooting the Wireless AP
- Troubleshooting the Authentication Infrastructure
- Chapter Summary
- Additional Information
- 11. IEEE 802.1X–Authenticated Wired Networks
- Concepts
- Planning and Design Considerations
- Deploying 802.1X-Authenticated Wired Access
- Ongoing Maintenance
- Troubleshooting
- Wired Troubleshooting Tools in Windows
- Troubleshooting the Windows Wired Client
- Troubleshooting the 802.1X-Capable Switch
- Troubleshooting the Authentication Infrastructure
- Chapter Summary
- Additional Information
- 12. Remote Access VPN Connections
- Concepts
- Planning and Design Considerations
- Additional Security Considerations
- Deploying VPN-Based Remote Access
- Deploying Certificates
- Deploying Computer Certificates
- Deploying Root CA Certificates
- Root CA Certificates for PEAP-MS-CHAP v2
- To Determine the Root CA from the Computer Certificates Installed on the Authentication Servers
- To Determine Whether a Certificate for the Root CA Is Installed on Your VPN Client
- Root CA Certificates for SSTP Connections
- To Determine the Root CA from the Computer Certificates Installed on the VPN Servers
- To Determine Whether a Certificate for the Root CA Is Installed on Your VPN Client
- Deploying User Certificates
- Configuring Internet Infrastructure
- Configuring Active Directory for User Accounts and Groups
- Configuring RADIUS Servers
- Deploying VPN Servers
- Configuring Intranet Network Infrastructure
- Deploying VPN Clients
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- 13. Site-to-Site VPN Connections
- Concepts
- Planning and Design Considerations
- Deploying Site-to-Site VPN Connections
- Deploying Certificates
- Deploying Computer Certificates
- Deploying User Certificates for Calling Routers
- To Configure the Windows Server 2008 CA to Issue Router (Offline Request) Certificates
- To Request a Router (Offline Request) Certificate
- To Export the Router (Offline Request) Certificate to a .CER File
- To Map the .CER Certificate File to the Appropriate User Account
- To Export the Router (Offline Request) Certificate to a .PFX File
- To Import the Router (Offline Request) .PFX Certificate File on the Calling Router
- Configuring Internet Infrastructure
- Configuring Active Directory for User Accounts and Groups
- Configuring RADIUS Servers
- Deploying the Answering Routers
- Installing Computer Certificates
- Deploying the Calling Routers
- Installing Computer Certificates
- Installing User Certificates
- Configuring the Calling Router’s Connection to the Site
- Installing the Network Access and Policy Services Role
- Running the Routing and Remote Access Server Setup Wizard
- Adding Native IPv6 Capability
- Configuring a Demand-Dial Interface
- Configuring Idle Timeouts or Connection Persistence
- Configuring Demand-Dial Filters
- Configuring EAP-TLS Authentication
- Configuring Site Network Infrastructure
- Configuring Intersite Network Infrastructure
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- IV. Network Access Protection Infrastructure
- 14. Network Access Protection Overview
- 15. Preparing for Network Access Protection
- Evaluation of Your Current Network Infrastructure
- NAP Health Policy Servers
- Health Requirement Policy Configuration
- Remediation Servers
- Chapter Summary
- Additional Information
- 16. IPsec Enforcement
- Understanding IPsec Enforcement
- Planning and Design Considerations
- Active Directory
- PKI
- HRAs
- Number of HRAs
- Number of Health Zones
- HRA Discovery by NAP Clients
- HTTP or HTTP over SSL Between NAP Clients and HRAs
- Fault Tolerance Between NAP Clients and HRAs
- Load Distribution Between NAP Clients and HRAs
- Fault Tolerance Between HRAs and NAP CAs
- Load Distribution Between HRAs and NAP CAs
- Lifetime of Health Certificates
- HRA Location
- HRAs and NAP Health Policy Servers
- IPsec Policies
- NAP Clients
- Deploying IPsec Enforcement
- Configuring Active Directory
- Configuring PKI
- Configuring HRAs
- Adding the HRA to the IPsec NAP Exemption Group
- Installing a Computer Certificate
- Configuring the Network Policy and Access Services Role
- Configuring the NAP CAs with HRA Permissions
- Configuring the Properties of the HRA
- Configuring the NPS Service on the HRA as a RADIUS Proxy
- Configuring IIS for SSL
- Configuring NAP Health Policy Servers
- Configuring Remediation Servers on the Boundary Network
- Configuring NAP Clients
- IPsec Enforcement Deployment Checkpoint for Reporting Mode
- Configuring and Applying IPsec Policies
- Configuring and Applying IPsec Policy Settings for the Boundary Network
- Testing Communication with the Computers in the Boundary Network
- Configuring and Applying IPsec Policy Settings for a Subset of Computers in the Secure Network
- Testing Clear Text and Protected Communication with the Subset of Computers in the Secure Network
- Configuring the Network Policy for Noncompliant NAP Clients for Deferred Enforcement
- Configuring IPsec Policy Settings for All of the Computers in the Secure Network
- Configuring the Network Policy for Noncompliant NAP Clients for Enforcement Mode
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- 17. 802.1X Enforcement
- Overview of 802.1X Enforcement
- Planning and Design Considerations
- Deploying 802.1X Enforcement
- Configuring Active Directory
- Configuring a PEAP-Based Authentication Method
- Configuring 802.1X Access Points
- Configuring Remediation Servers on the Restricted Network
- Configuring NAP Health Policy Servers
- Installing SHVs
- Configuring RADIUS Server Settings
- Configuring Health Requirement Policies for 802.1X Enforcement
- To Create a Set of Policies for 802.1X Enforcement of Wireless or Wired Connections
- To Configure the Customized Network Policy Settings
- To Configure Reporting Mode
- To Configure the SHVs for the Required Health Settings
- To Configure the Health Policy Conditions for the Required Health Settings
- To Modify Your Connection Request Policies for 802.1X Enforcement
- Configuring NAP Clients
- 802.1X Enforcement Deployment Checkpoint for Reporting Mode
- Testing Restricted Access
- Configuring the Network Policy for Noncompliant NAP Clients for Deferred Enforcement
- Configuring Network Policy for Enforcement Mode
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- 18. VPN Enforcement
- Understanding VPN Enforcement
- Planning and Design Considerations
- Deploying VPN Enforcement
- Configuring Active Directory
- Configuring VPN Servers
- Configuring a PEAP-Based Authentication Method
- Configuring Remediation Servers
- Configuring NAP Health Policy Servers
- Installing SHVs
- Configuring RADIUS Server Settings
- Configuring Health Requirement Policies for VPN Enforcement
- To Create a Set of Policies for VPN Enforcement
- To Configure the Customized Network Policy Settings
- To Configure Reporting Mode
- To Configure the SHVs for the Required Health Settings
- To Configure Health Policies for System Health Requirements
- To Modify Your Connection Request Policies for VPN Enforcement
- Configuring NAP Clients
- VPN Enforcement Deployment Checkpoint for Reporting Mode
- Testing Restricted Access
- Configuring Deferred Enforcement
- Configuring Network Policy for Enforcement Mode
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- 19. DHCP Enforcement
- Understanding DHCP Enforcement
- Planning and Design Considerations
- Deploying DHCP Enforcement
- Configuring Remediation Servers
- Configuring NAP Health Policy Servers
- Configuring NAP Clients
- Configuring DHCP Servers
- DHCP Enforcement Deployment Checkpoint for Reporting Mode
- Testing Restricted Access
- Configuring Deferred Enforcement
- Configuring Network Policy for Enforcement Mode
- Ongoing Maintenance
- Troubleshooting
- Chapter Summary
- Additional Information
- Glossary
- A. About the Authors
- B. System Requirements
- C. Microsoft License Terms Microsoft eBook
- D. Windows Server 2008—Resources for Administrators
- Index
Product information
- Title: Windows Server® 2008 Networking and Network Access Protection (NAP)
- Author(s):
- Release date: January 2008
- Publisher(s): Microsoft Press
- ISBN: 9780735624221