Time
1 hour 27 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Description

Configure Network Policy Server

This lesson covers configuring the Network Policy Server (NPS). In this lab-based lesson, participants learn step-by-step instructions to configure the Network Policy Server for dial-up or VPN connections using the standard configuration process within the wizard. The PowerShell environment is used to export the NPS configuration by specifying a path to a server. You can also use the PowerShell environment to view the configuration information via the Notepad application.

Video Transcription

00:16
After installing the Network Policy Server onto our server, we're gonna have to configure some general settings in our NPS environment. So let's go and get our Network Policy Server console open. Tools,
00:30
Network Policy Server. Open up our management console.
00:34
Takes a moment, and then we get our management console up and running. We're going to configure a few general settings here for our environment.
00:43
The first setting we're gonna work with is, we're going to
00:46
look at the drop-down list here.
00:48
Under
00:49
our
00:50
standard configuration, notice we have on our drop-down list, we actually have
00:55
a choice of Network Access Protection, RADIUS server for dial-up or VPN connections, and RADIUS server for 802.1X wireless or wired connections. So we have three that we could choose from.
01:04
What we're gonna actually do for our environment is, we're going to configure it for VPNs. So we're gonna do RADIUS server for dial-up or VPN connections.
01:15
Go and click on that.
01:17
So we have that setting
01:18
put in place
01:19
and then we're going to
01:22
go to the next step, which is Configure VPN or Dial-Up, the wizard which pops up when we actually change it to that standard configuration option. We click on that
01:32
and we start our wizard for dial-up or virtual private network connections.
01:37
What type of connections? We could do a dial-up connection,
01:41
which is,
01:42
uh, still used in some places in the world
01:45
or a virtual private network
01:47
So we could do VPN. What we're going to do for our purposes, for this lesson, is we're actually going to do a VPN connection, so we can actually select the VPN box.
01:57
And the default name it puts in for us is Virtual Private Network (VPN) Connections.
02:04
We could actually put a different name in there if you wanted to, for
02:07
it could be anything you want.
02:09
But Virtual Private Network Connections
02:12
is sufficient in a lot of cases, so we go and click on Next.
02:16
Now we have the RADIUS clients part of the screen, so
02:22
obviously there's nothing in the RADIUS clients. Hey, we're trying to set up a VPN connection with authentication. We need to
02:29
actually put in a RADIUS client. RADIUS is Remote Access Dial-In User Service.
02:34
That's, uh,
02:35
the way it actually translates out
02:38
in terms of our acronym. So remember, RADIUS, even though it says Dial-In User Service, also includes VPN environments. It's not just dial-in; it's essentially a remote connection across broadband also. So we're gonna have to click on Add here.
02:53
That was our next screen.
02:55
Obviously, we had to put in some data in there
03:00
in our friendly name That's going to start with
03:04
what are we gonna call this?
03:05
Okay, well, let's just say we're gonna be bringing it in through a router somewhere, So let's go put it Ln
03:13
just Ln dash RTR
03:15
That gives us our first half of the puzzle.
03:17
And now we can go and click on
03:21
Verify here.
03:23
So if we put in the
03:23
So basically the friendly name is Ln dash RTR, right?
03:30
And then obviously here, for the address or DNS, I click on Verify
03:37
for the friendly name.
03:38
It's going to say Give me an address to resolve.
03:42
I could actually put in the information for that. Or
03:46
I guess I could go back to my DNS name here and put in Ln
03:51
dash RTR
03:53
then click on Verify
03:54
and Resolve.
03:58
That brings up my IP address associated with that
04:01
actual router.
04:02
Then click on OK.
04:04
And now we actually have to choose the shared secret.
04:09
So
04:11
we'll run. Is
04:13
Thio decide? What we're gonna do is going to be a shared secret or down unless we have none.
04:18
So we're using an existing shared secrets template. We don't have one yet, so we can't use one.
04:24
We can generate one, or we can put in a manual shared secret.
04:29
Now, this is if you do generate, you will get a
04:32
piece of
04:33
data that may be
04:36
more complex than you want to generate here and notice how you get a flashing little
04:44
yellow triangle here: not all RADIUS clients support long secrets. You might need to edit the generated secret.
04:49
So we actually have to choose. Well, what do I do in that particular case? Now, we're gonna actually go with this. But what we really want to do is, we're gonna make it simple for the purposes of our
05:00
demonstration. We're just gonna do Manual here,
05:02
and we then need to get rid of that long secret that we had in there
05:09
and put in our
05:12
our simplistic secret, which is obviously not best practices in a production environment. But we're just going to
05:17
do the demonstration.
05:20
So you put in your
05:21
password for your shared secret, whatever it's going to be. And obviously, if you're gonna do this, you want it to be a more complex password.
05:30
And once you have those two pieces of
05:31
information, you're going to click on OK.
05:35
That gives us a RADIUS client. So basically we've said that we have a RADIUS... we have our VPN environment. Our Network Policy Server is on one
05:46
particular server box. We have
05:48
another server that's running Routing Services, which is also part of our Policy and Access Services, so that router needs to be a client to the Network Policy Server. That's why we added it in there.
06:01
So we get that added in here. Here we go ahead and click on Next,
06:08
and we now have authentication methods.
06:10
We need to choose an authentication method.
06:14
So notice the default standard here is
06:15
Microsoft Encrypted Authentication version 2, MS-CHAP v2. We could go back, if we need backwards compatibility, to MS-CHAP
06:24
itself.
06:25
And if you're going to use it, you have the option to do Extensible Authentication Protocol, which is things such as Microsoft Smart Card or certificate, Microsoft Protected Extensible Access Protocol, or Secured Password
06:41
Extensible
06:42
Authentication Protocol CHAP v2. You could actually use any of those that you wanted for that. Obviously you can configure it. If you want to see what, actually, we'll take a look at that just real quick, so click Configure, and now we actually have to
06:57
give the information that we're gonna have. So cancel out of that.
07:00
We're not going to use Extensible Authentication Protocol in this particular environment. We're just going to stick with MS-CHAP v2.
07:06
Once we've done that, we click on Next.
07:10
Then we need to specify
07:12
some type of user groups.
07:14
This actually is important of groups we could
07:17
normally, if we're gonna do this, we would actually want to put in some user groups. But we don't actually have to for the purpose of what we're doing, because we're just reading it from the Active Directory remote access users groups.
07:28
So go ahead and click on Next,
07:31
and now we have IP filters.
07:33
Do we worry about IP filters? We might. It depends. We can, actually, if we know, for example, we have an environment where we have a very specific set of IP addresses that we're gonna work with. We could actually put a filter, for example, for...
07:46
If you go to Input Filters, we could say,
07:48
Do not permit the packets listed below. You could click on Next here.
07:54
Then you could put in information for the destination network if you wanted to. So we could block entire ranges of IP addresses
08:01
if we wish. We also could select from an existing IP filter template. We don't have one,
08:07
so you can't do it yet. But in the future, when you set one up, you could actually do something for IPv6.
08:13
Then we're going to click on Next.
08:16
This is okay. What about encryption?
08:18
Obviously, we want to make sure we encrypt data. It's a VPN, so a virtual private network requires encryption.
08:24
We have to decide what level we're going to allow. Are we going to force our encryption to 128-bit? Are we going to allow less
08:33
secure encryption? Basically, it's encryption, but obviously 40-bit is nowhere near as strong as 128.
08:39
You have to decide what works for you. And remember, if you're going across country borders,
08:45
you may run into a situation where the level of encryption is not permitted to be above a certain amount in terms of the policies that you're dealing with. So we're going to click on Next here.
08:56
It says Specify a Realm Name.
09:00
Now, realm name here
09:01
comes down to
09:03
communicating back to a UNIX environment. UNIX uses the term realm, whereas we use domains in Active Directory. So realm is basically going back to the
09:13
UNIX environment for directory services.
09:16
So your ISP uses a portion of this information in terms of the realm name. You would have to put it in if your ISP requires that realm name, if it should be included.
09:26
And then we also have: Before authentication, remove the realm name from the user name.
09:31
So if you go across your ISP and you need some type of realm authentication in the process, you want to make sure that before you try authenticating against Active Directory, you also remove it.
09:39
Now, we don't have that situation. But if we did, we would put in the realm name. Go ahead and click on Next,
09:46
and we get our final screen. It tells us what we've configured, the options we've made. We'll click here on the link for Configuration Details.
09:56
Brings up a little
09:58
XML-based web page that gives our information.
10:01
And we could actually save this if we wanted to, because it's in a form that can be saved.
10:07
So there we go. There's our list of what we've done
10:09
Go ahead and close out of that,
10:11
and we're gonna click on Finish here,
10:16
and very quickly it finishes.
10:18
Now what we want to do is, we'll take that configuration that we just
10:22
were looking at, and we actually want to make sure that we can have that separately. Let's go ahead and open up our shell here.
10:28
Open up our PowerShell environment,
10:31
and let's go ahead and get that exported out.
10:33
In PowerShell, it's a pretty simple command.
10:37
We're going to do Export,
10:39
dash, and then Network Policy Server, NPS,
10:43
Configuration.
10:46
So we're gonna export that NPS configuration. Then we have to tell it where to export it to, so we have to give it a path command.
10:52
We have to tell it where to put it. So in this particular case
10:56
is gonna do heroin
10:58
dash d c
11:01
one
11:01
dot
11:05
xml.
11:07
And so we're going to say export the configuration
11:11
to
11:11
that particular
11:13
path, which in this case is going to be our server
11:16
XML.
11:18
You go ahead in it.
11:20
That will export it for us.
11:22
Go now.
11:24
We need to go on to the next step, which is
11:26
actually
11:28
look at it
11:30
so we can actually look at it right from here. So if we type in, uh, the application to do that, this is Notepad,
11:37
and then we tell it to open up
11:39
Ellen
11:41
dash d c one dot xml
11:46
hit Enter.
11:48
You've actually launched Notepad with that XML information in there.
11:50
So there we go. We actually have
11:54
everything we just configured
11:56
now in XML.
11:58
So we have a whole variety of information here, you know? So we have things like Microsoft Routing and Remote Access, Use Windows authentication for all users.
12:05
We have
12:07
RADIUS profiles
12:09
for NPS Embassy.
12:11
Then we're gonna scroll down here, and we could actually expand it out because it scrolls across
12:18
that we have
12:20
all kinds of information in terms of our schema. There's
12:22
our
12:24
NP authentication type we have.
12:26
But Microsoft Routing and Remote Access server says connections too.
12:31
If you go down this list, you find out this is actually everything we just configured, in an XML format.
12:37
So going down here, scroll way down to the bottom, we get into things like
12:43
NAS Vendor ID, if we put one in. So it's RADIUS Standard we have, right?
12:48
Yes, we have things like
12:50
Cisco in here.
12:52
So these are things we could custom configure.
12:54
Ln dash RTR from a reactive use that as our environment
13:01
We have component information, things like
13:03
accounting,
13:05
RADIUS proxy.
13:09
Scroll down. We've got
13:11
discarded failure.
13:13
It's a very long list. You notice, even as we're going down here,
13:16
scrolling down, there's a significant amount of data in here.
13:20
So this is your Mexico RADIUS proxy SDO, Microsoft Policy Evaluator.
13:26
You have your remediation server group SDO.
13:31
Scroll down.
13:31
Let's scroll down.
13:33
that authentication port information like 10 28 and 31 36
13:39
down, and you could keep going through this list, and you notice what you actually have is this, and you can actually use that as a template
13:46
to
13:48
configure other
13:50
NPS servers, if you need to configure other NPS servers.
13:54
Great. Close out of that.
13:56
Hey, we don't need our
14:00
PowerShell anymore, so we could go ahead and close out of our PowerShell,
14:05
and we're back to our NPS management console, and we could actually go ahead and do additional configuration with this.
14:13
But that's what we need to do in terms of getting our basic configuration set up.
14:16
We now have a functioning network policy service that is set up for
14:20
VPN connectivity.

Instructed By

Michael Boberg
CEO of Broadline Enterprises, LLC
Instructor