Reading/configuring the DHCP NAP server fragility settings.

The DHCP NAP enabled server (Longhorn server) tries to reach the NPS server to get a response on the client health state to enforce the appropriate policy on the client.

But at times ,when the NPS server is not reachable, the DHCP server needs to decide what policy needs to be enforced on the client.

By default, it gives Full Access to the client machine.

But this default fragility setting can be modified using a netsh command.

To view the current setting:-

>netsh dhcp server show napdeffail

To modify the setting:-

>netsh dhcp server set napdeffail <state>

state: fullaccess or drop or quarantine.

Note that Quarantine refers to Restricted Access.

Drop implies that DHCP packet from the client will be dropped.   

Thanks,

Achint Setia,

Software Design Engineer.

DHCP team, MS.