NPS Knowledge Transfer document: Note this document is a complete document that includes basic/advance & expert level steps. Enayat Meer Install NPS role on primary server Add features 1
2
3
Register NPS in Active directory 4
5
A certificate was installed on NPS server at this point. This is a sample certificate from my own test environment using meer.com domain. I installed AD root CA (sample screen test environment). We already have available certificate in production NPS servers (installed already) Adding radius client 6
7
Let s go and create a shared key template for wireless and wired devices first at this point 8
9
Now I am going back to edit radius client for shared secret using template 10
11
12
Adding vendor from advance tab 13
14
Creating Network Policy 15
16
17
18
I am adding domain users for demo purposes now but, this group should be customized global security group as mentioned later in this document 19
20
Grant access or deny access as needed Use configuratin as shown below for authentaction mehtods 21
22
Edit service type to login 23
24
Add vendor and previllage 25
26
Click on Finish 27
28
Configure log file path 29
30
Install NPS on secondary server now and register in Active Directory 31
32
On the source NPS server such as 39Radius, open Command Prompt, type netsh, and then press Enter. At the netsh prompt, type nps, and then press Enter (sample command is shown in these both screens) 33
OR filename could be Config.xml as hown below 34
This stores configuration settings (including registry settings) in an XML file. The path can be relative or absolute, or it can be a Universal Naming Convention (UNC) path. After you press Enter, a message appears indicating whether the export to file was successful. Copy the file you created to the destination NPS server. At a command prompt on the destination NPS server, type netsh nps import filename="c:\config.xml" and then press Enter. A message appears indicating whether the import from the XML file was successful. Make sure exported file is copied at target location. Active Directory & Group Policy configuration: Sample global security group with one member that can be a condition as I configured domain users group earlier 35
Create a test user and add test user as member of NPSUsers group and follow as pointed in screens below. 36
These are group policy screens pointing action with arrows 37
38
39
40
41
42
43
44
Remote Radisu Server Groups for load balance 45
46
Thank You: Enayat Meer 47