Windows 2012 NPS

In NPS if you want to allow  two different authentication protocol types lets say one  for a secure connection and another for none secure like a guest network.

Would you configure your Network policy with the weaker authentication protocol type so your connection policy won't override the network policy if it was a weaker authentication protocol?

What is the best way to do this.

I am try to study for my 70-411 exam

Thanks in Advance!!!!
LVL 21
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam BrownSr Solutions ArchitectCommented:
Connection Policies allow you to define which methods users are allowed to connect with and how connection attempts are processed. For instance, you can set up a connection policies that allows VPN access, but forces VPN authentication to use a RADIUS server for collecting user and password info. So basically that part just defines *how* users can connect to your network. You'll generally want to have connection policies that don't restrict access. Otherwise you'll have to define lots and lots of connection policies for every conceivable situation.

The Network policy actually determines what users can do on the network once they are connected, or if they can even connect at all. So you would set up guests so they can access a smaller, limited network while properly authenticated users would have access to the entire LAN.

So basically, your connection policy should be more open, while the Network Policy should be more strict.

Think of it like the File Sharing system in Windows. Connection Policies are like the Share Permission, which is used to define who can access the share. Network Policies are like the actual permissions list on the folder itself. The most restrictive policies will always win, so you want to have the first line of defense less restrictive and the second more so. Connection policies are the first line, network policies the second.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
compdigit44Author Commented:
This is a great help thanks!!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.