Ongoing Maintenance

The areas of maintenance for an IPsec enforcement deployment are the following:

Adding a NAP client
Adding a new SHA and SHV
Managing NAP CAs
Managing HRAs

Adding a NAP Client

To add a NAP client, do the following:

Join the NAP client computer to the domain.
Install the SHAs on the NAP client computer.
Add the computer account of the NAP client to the secure network OU or security group.

For a Windows XP SP3–based NAP client, you must also set the HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley\IKEFlags registry value to 0x1c.

For a new non–domain-joined NAP client, follow the steps in Configuring NAP Client Settings earlier in this chapter.

Adding a New SHA and SHV

To add a new SHA and SHV to your IPsec enforcement deployment, ...

Get Windows Server® 2008 Networking and Network Access Protection (NAP) now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Windows Server® 2008 Networking and Network Access Protection (NAP) by

Ongoing Maintenance

Adding a NAP Client

Adding a New SHA and SHV

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly