Setting up Network Policy Server in Windows Server 2022

Posted on 16th June 2023

Overview

Windows Server 2022 includes the Network Policy Server (NPS) role service. NPS is the Microsoft implementation of a Remote Authentication Dial-In User Service (RADIUS) server and proxy. RADIUS is a client/server protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

NPS as a RADIUS Server

As a RADIUS server, NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections.

NPS as a RADIUS Proxy

NPS can also function as a RADIUS proxy. In this configuration, NPS forwards connection requests to other NPS or RADIUS servers that are configured for the same or similar network environments. This allows you to segment user authentication traffic on your network to improve performance, load balancing, or fault tolerance.

Planning for Network Policy Server

RADIUS Client Configuration

Configure each RADIUS client with the IP address of the NPS or NPS proxy as the RADIUS server.

Network Policy

Configure network policies on NPS to authenticate connection requests. Network policies contain the conditions and settings that allow or deny access to the network.

RADIUS Accounting

RADIUS accounting is an optional feature that allows you to collect accounting information about connection requests that are processed by the NPS server. Accounting information can be used to generate usage reports.

Installing Network Policy Server

Install Network Policy Server

To install the Network Policy Server role service:

1. Open Server Manager.
2. On the Dashboard page, click Add roles and features.
3. On the Before you begin page, click Next.
4. On the Installation Type page, select Role-based or feature-based installation, and then click Next.
5. On the Server Selection page, select the server on which you want to install Network Policy Server, and then click Next.
6. On the Server Roles page, expand Network Policy Server, and then click Next.
7. On the Features page, click Next.
8. On the Network Policy Server page, click Next.
9. On the Web Server (IIS) page, click Next.
10. On the Select role services page, click Next.
11. On the Confirm installation selections page, click Install.
12. On the Results page, click Close.

Configure Network Policy Server

After you have installed Network Policy Server, you can use the NPS console to configure local security policies, network policies, RADIUS clients, and RADIUS accounting.

Configuring RADIUS Clients

RADIUS clients are network access servers—such as wireless access points, authenticating switches, remote access servers, and VPN servers—that send connection requests to the NPS server. Connection requests can be either Access-Request or Accounting-Request messages.
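The installation steps and the RADIUS client registration described above can also be scripted. The following is an added example, not part of the original article; the client name and address are hypothetical, and it uses the ServerManager and NPS PowerShell modules that ship with Windows Server.

```powershell
# Added example, not from the article. Run in an elevated session on the NPS host.
# Hypothetical values: client name 'wlc-01', address 192.0.2.10 (documentation range).
$clientName    = 'wlc-01'
$clientAddress = '192.0.2.10'

# Install the role service together with the NPS console and PowerShell module.
$install = Install-WindowsFeature -Name NPAS -IncludeManagementTools
if (-not $install.Success) { throw 'NPAS installation failed.' }
if ($install.RestartNeeded -ne 'No') { Write-Warning 'Restart before configuring NPS.' }

Import-Module NPS

function New-RadiusSharedSecret {
    # Returns a random secret as hex text (32 bytes -> 64 characters).
    param([int]$Bytes = 32)
    $buffer = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buffer) } finally { $rng.Dispose() }
    -join ($buffer | ForEach-Object { $_.ToString('x2') })
}

# Refuse to overwrite an existing entry for the same device.
if (Get-NpsRadiusClient | Where-Object { $_.Address -eq $clientAddress }) {
    throw "A RADIUS client with address $clientAddress is already registered."
}

# One secret per client; require the Message-Authenticator attribute on requests.
$secret = New-RadiusSharedSecret
New-NpsRadiusClient -Name $clientName -Address $clientAddress `
    -SharedSecret $secret -AuthAttributeRequired $true | Out-Null

# Show the secret once so it can be entered on the device, then list the client
# without the secret column.
Write-Host "Shared secret for ${clientName}: $secret"
Get-NpsRadiusClient | Where-Object { $_.Name -eq $clientName } |
    Select-Object Name, Address, AuthAttributeRequired, Enabled
```

The same secret must be entered on the network access server, and the device must be set to send the Message-Authenticator attribute, or its requests will be rejected.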

Configuring Network Policies

Network policies contain the conditions and settings that allow or deny access to the network. You can use network policies to control access to:

– Wireless networks
– Wired switches
– Remote access servers
– VPN servers

Configuring RADIUS Accounting

RADIUS accounting is an optional feature that allows you to collect accounting information about connection requests that are processed by the NPS server. Accounting information can be used to generate usage reports.

Monitoring Network Policy Server

Performance Monitor is the primary tool for monitoring the performance of Network Policy Server. You can use Performance Monitor to monitor such factors as authentication response time, number of authentication requests, and number of accounting requests.

Network Policy Server (NPS) is a role service in Windows Server 2022 that allows you to create and manage network access control (NAC) policies. NPS enables you to authenticate remote users and computers and authorize their access to your network. You can use NPS to enforce corporate compliance with network access policies.

In this article, we’ll show you how to install and configure Network Policy Server on Windows Server 2022.

Installing Network Policy Server

To install Network Policy Server, open the Server Manager console and select “Add Roles and Features”. On the “Before you begin” page, click “Next”.

On the “Installation Type” page, select “Role-based or feature-based installation” and click “Next”.

On the “Server Selection” page, select the server on which you want to install NPS and click “Next”.

On the “Server Roles” page, select “Network Policy Server” and click “Next”.

On the “Confirm installation selections” page, click “Install”.

Wait for the installation to complete, and then click “Close”.

Configuring Network Policy Server

Now that Network Policy Server is installed, we need to configure it. To do this, open the NPS console and click “Configure NPS”.

On the “Welcome to the Network Policy Server Configuration Wizard” page, click “Next”.

On the “Remote Desktop Licensing” page, select “I do not want to configure RADIUS clients now” and click “Next”.

On the “RADIUS Clients” page, click “Next”.

On the “NPS Policies” page, click “Next”.

On the “NPS Policy Conditions” page, select the “Access granted” condition and click “Edit”.

On the “Edit Network Policy Condition” page, select the “Windows Groups” condition and click “Add”.

On the “Select Group” page, select the “Domain Users” group and click “OK”.

On the “Edit Network Policy Condition” page, click “OK”.

On the “NPS Policy Conditions” page, click “Next”.

On the “NPS Policy Settings” page, select the “Grant access” action and click “Next”.

On the “Summary” page, click “Finish”.

Your Network Policy Server is now configured and ready to use.

Testing Network Policy Server

To test your Network Policy Server, open the NPS console and click “Test NPS”.

On the “Welcome to the NPS Test Client” page, click “Next”.

On the “NPS Server” page, enter the name or IP address of your NPS server and click “Next”.

On the “Connection Request Authentication” page, select “PAP” and click “Next”.

On the “User Credentials” page, enter the credentials of a user who has been granted access to your network and click “Next”.

On the “Summary” page, click “Finish”.

If the test is successful, you should see a message saying “The test was successful”.

Troubleshooting Network Policy Server

If you have any problems with your Network Policy Server, the first thing you should do is check the event logs. To do this, open the Event Viewer console and go to “Windows Logs -> Security”.

If you see any error messages, double-click on them to view the details. This will usually give you a good indication of what the problem is.
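The Security log check described above can be done from PowerShell. This is an added example, not part of the original article; it assumes auditing of the "Network Policy Server" subcategory is enabled, and the field names are the Data names as they appear in the XML view of these events (check one event if a column comes back empty).

```powershell
# Added example, not from the article. Run elevated on the NPS host.
# Prerequisite (assumption): NPS auditing is on, for example
#   auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

# Event 6272 = NPS granted access, 6273 = NPS denied access.
$filter = @{
    LogName   = 'Security'
    Id        = 6272, 6273
    StartTime = (Get-Date).AddHours(-24)
}

$npsEvents = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the EventData name/value pairs into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        $result = if ($_.Id -eq 6272) { 'Granted' } else { 'Denied' }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Result     = $result
            User       = $data['SubjectUserName']
            ClientName = $data['ClientName']
            ClientIP   = $data['ClientIPAddress']
            Policy     = $data['NetworkPolicyName']
            AuthType   = $data['AuthenticationType']
            ReasonCode = $data['ReasonCode']
            Reason     = $data['Reason']
        }
    }

# Most recent denials with the reason NPS recorded.
$npsEvents | Where-Object { $_.Result -eq 'Denied' } |
    Sort-Object Time -Descending |
    Select-Object -First 20 Time, User, ClientName, ClientIP, ReasonCode, Reason

# Repeated denials per user and RADIUS client, highest count first.
$npsEvents | Where-Object { $_.Result -eq 'Denied' } |
    Group-Object User, ClientName, ReasonCode |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

A high denial count for one user across several clients, or for many users from one client, is worth investigating before treating it as a configuration error.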

Another useful tool for troubleshooting Network Policy Server is the NPS Tracing tool. This tool allows you to capture all NPS traffic and save it to a file for later analysis.

To use the NPS Tracing tool, open the NPS console and click “NPS Tracing”.

On the “Welcome to the NPS Tracing Wizard” page, click “Next”.

On the “NPS Server” page, select the NPS server that you want to capture traffic for and click “Next”.

On the “Tracing Options” page, select the “All Events” option and click “Next”.

On the “Summary” page, click “Finish”.

The NPS Tracing tool will now start capturing traffic. To stop capturing traffic, click “Stop”.

You can now view the captured traffic by opening the file in a text editor.

Conclusion

In this article, we’ve shown you how to install and configure Network Policy Server on Windows Server 2022. We’ve also shown you how to test and troubleshoot Network Policy Server.