
Step by Step: Installing and Configuring a Network Policy Server in Windows Server 2012 R2
July 15, 2014
Network Policy Server: what is NPS all about?
NPS enables you to create and enforce organization-wide network access policies for client health, connection request authentication, and connection request authorization.
You can also use NPS as a RADIUS proxy to forward connection requests to NPS or other RADIUS servers that you configure in remote RADIUS server groups.
You can use NPS to implement network-access authentication, authorization, and client health policies with any combination of the following 3 functions:
RADIUS server
RADIUS proxy
NAP policy server
For more information, see: http://msdn.microsoft.com/en-us/library/cc732912.aspx
This will be a very long procedure, so please take your time and make sure you have a working domain lab in which to install and configure NPS.
What you will find in my post today is a straightforward process to deploy and configure NPS. There are many things you can do with NPS, so please spend some time browsing Microsoft TechNet for more detailed information.
Let's get started by installing the NPS role, which will later be used to support RADIUS.
1 On the Domain server (OSI-ADDS01), open Server Manager, click Add roles and
features

2 Next, on the Select installation type interface, click Role-based or feature-based installation, and then click Next to proceed

3 On the Select destination server interface, click Next

4 On the Select server roles interface, select the Network Policy and Access Services
check box and then click Next

5 On the Select features interface, just click Next to proceed

6 Next, on the Network Policy and Access Services page, click Next

7 Next, on the Select role services interface, click Network Policy Server check box,
and then click Next

8 On the Confirm installation selections interface, click Install

9 Next, verify that our installation was successful, and then click Close

10 Next, on the Server Manager, click Tools and then click Network Policy Server

11 In the Network Policy Server console, in the navigation pane, right-click NPS (Local), and then click Register server in Active Directory

12 In the Network Policy Server message box, just click OK to proceed

13 In the subsequent Network Policy Server interface, click OK

14 Next, let's continue by configuring NPS templates. In the Network Policy Server console, right-click Shared Secrets, and then click New

15 Next, in the New RADIUS Shared Secret Template interface, in the Template
name box, type OSI Security (you can fill in any name you prefer), then in the Shared
secret and Confirm shared secret boxes, type your preferred password and then click
OK

16 Next, right-click RADIUS Clients, and then click New

17 Next, in the New RADIUS Client interface, in the Friendly name box, type OSI-NPS, then key in the IP address of the NPS server, which in my case is 172.16.0.106. Click Verify to confirm the IP address, then click Resolve so that it identifies the correct IP address, and click OK to proceed

18 Next, in the New RADIUS Client interface, under Shared Secret, in the Select an
existing Shared Secrets template area, click OSI Security, and then click OK.

19 Next, let's configure RADIUS accounting for logging purposes

20 In the Accounting Configuration introduction Wizard, click Next

21 On the Select Accounting Options interface, click Log to a text file on the local
computer, and then click Next

22 On the Configure Local File Logging interface, click Next

23 On the Summary interface, click Next

24 On the Conclusion interface, click Close

25 Next, we need to configure and test our RADIUS client. In the Network Policy Server console, expand RADIUS Clients and Servers, then right-click RADIUS Clients, and then click New

26 In the New RADIUS Client interface, clear the Enable this RADIUS client check box, then select the Select an existing template check box. Verify that your existing template appears in the list, then click OK
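Steps 1 to 18 above can also be scripted. The following PowerShell is an added example, not part of the original post; it assumes an elevated session on the NPS server, uses the friendly name and address from step 17, and sets a randomly generated shared secret directly on the RADIUS client instead of through a template.

```powershell
# Added example: scripted form of steps 1-18. Run elevated on the NPS server.

# Steps 1-9: install the Network Policy Server role service and its console.
$result = Install-WindowsFeature -Name NPAS-Policy-Server -IncludeManagementTools
if (-not $result.Success) { throw 'NPS role installation failed.' }

# Steps 11-13: register this server in Active Directory so that NPS can read
# the dial-in properties of domain user accounts.
netsh nps add registeredserver
if ($LASTEXITCODE -ne 0) { throw 'Registering NPS in Active Directory failed.' }

# Step 15: rather than typing a memorable password, generate the shared secret
# from the system CSPRNG. 48 random bytes encode to 64 base64 characters.
$bytes = New-Object byte[] 48
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$sharedSecret = [Convert]::ToBase64String($bytes)

# Steps 16-18: define the RRAS server as a RADIUS client. Name and address are
# the values from step 17. An existing client of that name gets the new secret.
Import-Module NPS
$clientName = 'OSI-NPS'
if (Get-NpsRadiusClient | Where-Object { $_.Name -eq $clientName }) {
    Set-NpsRadiusClient -Name $clientName -SharedSecret $sharedSecret | Out-Null
} else {
    New-NpsRadiusClient -Name $clientName -Address '172.16.0.106' `
        -SharedSecret $sharedSecret | Out-Null
}

# Confirm the client exists. SharedSecret is left out of the listing on
# purpose, because Get-NpsRadiusClient returns it in clear text.
Get-NpsRadiusClient |
    Where-Object { $_.Name -eq $clientName } |
    Select-Object Name, Address, Enabled, AuthAttributeRequired

# The same value has to be entered on the RRAS server in step 50.
# Store it in a password manager instead of leaving it in console history.
Write-Output "Shared secret for step 50: $sharedSecret"
```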

We have finished installing and configuring NPS on our domain server, OSI-ADDS01. Now it's time to configure Routing and Remote Access on the RADIUS client (the OSI-NPS server).
27 On the OSI-NPS Server, open Server Manager, click Add Roles and features

28 On the Before you begin interface, click Next

29 On the Select installation type interface, click Next

30 On the Select destination server, click Next to proceed

31 On the Select server roles interface, click Remote Access box and click Next

32 On the Select features interface, click Next

33 Next, on the Remote Access interface, click Next

34 On the Select role services, make sure you click DirectAccess and VPN (RAS)
check box, and then click Next

35 On the Web Server Role (IIS) interface, proceed with Next

36 On the Select role services interface, proceed with Next

37 On the Confirm installation selections interface, click Install

38 On the Installation progress interface, click Close

39 Next, open Server Manager, click Tools, and then click Routing and Remote Access

40 Next, in the Routing and Remote Access console, right-click NPS (Local), and
then click Configure and Enable Routing and Remote Access

41 On the Routing and Remote Access Server Wizard interface, click Next

42 On the Configuration interface, make sure you click Remote access (dial up or
VPN)

43 On the Remote Access interface, click the VPN check box

44 Next, in the VPN Connection interface, click the network interface named
Ethernet 3, but make sure you clear the Enable security on the selected interface by
setting up static packet filters check box, and then click Next

45 On the IP Address Assignment interface, select From a specified range of addresses, and then click Next

46 On the Address Range Assignment interface, click New

47 On the New IPv4 Address Range interface, in the Start IP address, type
172.16.0.201, then in the End IP address, type 172.16.0.220, verify that 20 IP addresses
were assigned for remote clients, and then click Next

48 On the Address Range Assignment interface, click Next

49 On the Managing Multiple Remote Access Servers interface, click Yes, set up
this server to work with a RADIUS server, and then click Next

50 On the RADIUS Server Selection interface, in the Primary RADIUS server box, type ADDS01. In the Shared secret box, type your password, and then click Next

51 In the Routing and Remote Access Server Setup Wizard, click Finish

52 In the Routing and Remote Access dialog box, click OK

53 Next, switch to the OSI-ADDS01 domain server so that we can configure a Network Policy for RADIUS. In the Network Policy Server console, expand Policies, and then click Network Policies. In the details pane, right-click the policy at the top and bottom of the list, and then click Disable

54 Next, right click Network Policies, and then click New

55 In the New Network Policy Wizard, in the Policy name box, type OSI VPN Policy, and then in the Type of network access server list, click Remote Access Server (VPN-Dial up), and then click Next

56 Next, on the Specify Conditions page, click Add, then in the Select condition
dialog box, click NAS Port Type, and then click Add

57 In the NAS Port Type dialog box, select the Virtual (VPN) check box, and then
click OK

58 Next, on the Specify Conditions interface, click Next

59 Next on the Specify Access Permission interface, click Access granted, and then
click Next

60 On the Configure Authentication Methods interface, click Next

61 On the Configure Constraints interface, click Next

62 On the Configure Settings interface, click Next

63 On the Completing New Network Policy interface, click Finish

64 Next, on the Network Policy Server console, verify your settings

65 Now let's test our RADIUS configuration with a Windows 8.1 client. Switch to the Windows 8.1 client and log in as Administrator, then open the Network and Sharing Center control panel. In the Network and Sharing Center, click Set up a new connection or network

66 On the Choose a connection option interface, click Connect to a workplace, and then click Next

67 On the How do you want to connect interface, click Use my Internet connection
(VPN)

68 Click I'll set up an Internet connection later

69 On the Type the Internet address to connect to interface, in the Internet address
box, type 172.16.0.109, in the Destination name box, type OSI VPN, then select the
Allow other people to use this connection check box, and then click Create

70 In the Network and Sharing Center window, right-click the OSI VPN connection, and then click Properties

71 On the OSI VPN Properties, click the Security tab and then in the Type of VPN
list, click Point to Point Tunneling Protocol (PPTP), then under Authentication,
click Allow these protocols, and then click OK

72 Next, right-click the OSI VPN connection, and then click Connect/Disconnect

73 Next, in Network sign-in, in the User name box, type osi\administrator and the password, and then click OK

74 Lastly, wait a few seconds for the VPN connection to be established. Ensure that your connection is successful
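To confirm the result of step 74 from the server side, the NPS decision can be read from the Security log on OSI-ADDS01. This PowerShell is an added example, not part of the original post; it assumes an elevated session on the NPS server and a test connection made within the last 15 minutes.

```powershell
# Added example: list recent NPS grant/deny decisions from the Security log.

# Make sure NPS decisions are audited. Run this line before the test
# connection in steps 72-74, then run the rest afterwards.
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

# Event 6272 = NPS granted access, event 6273 = NPS denied access.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 6272, 6273
    StartTime = (Get-Date).AddMinutes(-15)
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning 'No NPS decisions logged in the last 15 minutes.'
    return
}

$events | ForEach-Object {
    # Flatten the named <Data> elements of the event into a lookup table.
    # Fields that a given event does not carry simply come back empty.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }

    [pscustomobject]@{
        Time       = $_.TimeCreated
        Result     = if ($_.Id -eq 6272) { 'Granted' } else { 'Denied' }
        User       = $data['SubjectUserName']
        RadiusName = $data['ClientName']         # friendly name from step 17
        RadiusIP   = $data['ClientIPAddress']    # address from step 17
        Policy     = $data['NetworkPolicyName']  # policy name from step 55
        AuthType   = $data['AuthenticationType'] # method actually negotiated
        ReasonCode = $data['ReasonCode']         # populated on denials
    }
} | Sort-Object Time | Format-Table -AutoSize
```

A granted entry that names OSI VPN Policy shows the request matched the policy created in step 55; a denied entry's reason code points to the condition or credential that failed.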
