If you're a network administrator deploying network access servers right and left - such as wireless access points, 802.1X authenticating switches, dial-in servers, and virtual private network (VPN) servers - you'll be happy to know that you don't need to configure network access policies on each of these devices individually.
If your network access servers are compatible with the Remote Authentication Dial-In User Service (RADIUS) protocol, you can use Network Policy Server to centrally configure network access for all of your network access servers.
The new Network Policy Server (NPS) Technical Reference for Windows Server 2016 provides a detailed description of NPS, including how NPS works, and the tools and settings you can use to deploy, administer, and troubleshoot NPS.
You can download this document in Word format from TechNet Gallery, at: Network Policy Server (NPS) Technical Reference for Windows Server 2016
Here is some important additional information you need to know about NPS and NPS documentation in Windows Server 2016 and previous operating system versions:
- NAP is no more. Network Access Protection (NAP), Health Registration Authority (HRA), and Host Credential Authorization Protocol (HCAP) were deprecated in Windows Server 2012 R2, and are not available in Windows Server 2016. If you have a NAP deployment using operating systems earlier than Windows Server 2016, you cannot migrate your NAP deployment to Windows Server 2016 - but you can use Windows Server 2016 as a RADIUS server and RADIUS proxy.
- If you are running Network Policy Server in Windows Server 2008 through Windows Server 2012 R2, you can download the Network Policy Server (NPS) Technical Reference for WS08-WS12 R2 from TechNet Gallery.
- The NPS online documentation is now available in the Windows Server 2016 Networking Technical Library, at: Network Policy Server (NPS)
NPS provides different functionality depending on the edition of Windows Server that you install.
With NPS in Windows Server 2016 Datacenter, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.
With NPS in Windows Server 2016 Standard, you can configure a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client by using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the NPS server uses the first IP address returned in the Domain Name System (DNS) query.
For more NPS information, see Network Policy Server (NPS) Technical Reference for Windows Server 2016.
- For news about Microsoft Windows Server and Windows Client Networking documentation, you can follow me on Twitter at @James_McIllece
- You can now also follow the Microsoft Datacenter and Cloud Networking team on Twitter at @Microsoft_SDN