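Click New in the relevant policy.
Follow the wizard to complete the configuration.
Enter the DNS name of the HRA server with the corresponding module appended.
First, click Configure System Health Validation in NAP.
Double-click Windows Security Health Validator.
You can set its properties as follows.
Windows Vista and Windows XP SP3 are supported.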
· System Health Validators : System health validators (SHVs) define configuration requirements for computers that attempt to connect to your network.
· Health Policies : Health policies define which SHVs are evaluated, and how they are used in validating the configuration of computers that attempt to connect to your network. Based on the results of SHV checks, health policies classify client health status.
· Network Policies : Network policies use conditions, settings, and constraints to determine who can connect to the network. There must be a network policy that will be applied to computers that are compliant with the health requirements, and a network policy that will be applied to computers that are noncompliant.
· Connection Request Policies : Connection request policies (CRPs) are conditions and settings that validate requests for network access and govern where this validation is performed.
· RADIUS Clients and Servers : RADIUS clients are network access servers. If you specify a RADIUS client, then a corresponding RADIUS server entry is required on this access server. Remote HRA servers are configured as RADIUS clients on NPS.
· Remediation Server Groups : Remediation server groups allow you to specify servers that are made available to noncompliant NAP clients so that they can remediate their health state and become compliant with health requirements. Because Windows Firewall is the only health requirement for the test lab, no remediation servers are required.
Source: NAPIPsec_StepByStep (Microsoft)
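The following is an added example, not taken from the Microsoft guide or the original post. It is a simplified Python model of how the components defined above fit together: an SHV checks the client's reported state, health policies classify the result, and the first matching network policy decides access. All function, class and policy names are hypothetical and are not NPS APIs; the single firewall requirement mirrors the test lab described above.

```python
# Simplified model of NAP evaluation; every name here is illustrative, not an NPS API.
from dataclasses import dataclass

def firewall_shv(soh):
    """SHV: the lab's only requirement is that Windows Firewall is on.
    A missing or malformed value counts as a failed check."""
    return soh.get("firewall_enabled") is True

@dataclass
class HealthPolicy:
    name: str
    shvs: list
    rule: str  # "pass_all" or "fail_one_or_more"

    def matches(self, soh):
        results = [shv(soh) for shv in self.shvs]
        if self.rule == "pass_all":
            return all(results)
        if self.rule == "fail_one_or_more":
            return not all(results)
        raise ValueError(f"unknown rule: {self.rule}")

@dataclass
class NetworkPolicy:
    name: str
    health_policy: HealthPolicy
    access: str            # access level granted when this policy matches
    remediation: tuple = ()  # remediation servers; none are needed in the lab

def evaluate(soh, network_policies):
    """Return the first network policy whose health condition matches."""
    for policy in network_policies:
        if policy.health_policy.matches(soh):
            return policy
    return None  # no policy matched: the request is rejected

COMPLIANT = HealthPolicy("Compliant", [firewall_shv], "pass_all")
NONCOMPLIANT = HealthPolicy("Noncompliant", [firewall_shv], "fail_one_or_more")
POLICIES = [
    NetworkPolicy("Compliant-Full-Access", COMPLIANT, "full"),
    NetworkPolicy("Noncompliant-Restricted", NONCOMPLIANT, "restricted"),
]

if __name__ == "__main__":
    # Constructed sample statements of health, including one with no data.
    for soh in ({"firewall_enabled": True}, {"firewall_enabled": False}, {}):
        matched = evaluate(soh, POLICIES)
        print(soh, "->", matched.name, matched.access)
```

If only the compliant network policy exists, a noncompliant client matches nothing and is rejected outright, which is why the guide requires a policy for each health state.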
Because HRA runs as the Network Service account, first add permissions on the CA so that it can manage certificates.
Add the certification authority in Server Manager.
The currently installed SubCA was added.
Verify that the Certification Authorities Properties match the figure below.