Windows 2012 NPS

In NPS if you want to allow  two different authentication protocol types lets say one  for a secure connection and another for none secure like a guest network.

Would you configure your Network policy with the weaker authentication protocol type so your connection policy won't override the network policy if it was a weaker authentication protocol?

What is the best way to do this.

I am try to study for my 70-411 exam

Thanks in Advance!!!!
LVL 20
Who is Participating?
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
Connection Policies allow you to define which methods users are allowed to connect with and how connection attempts are processed. For instance, you can set up a connection policies that allows VPN access, but forces VPN authentication to use a RADIUS server for collecting user and password info. So basically that part just defines *how* users can connect to your network. You'll generally want to have connection policies that don't restrict access. Otherwise you'll have to define lots and lots of connection policies for every conceivable situation.

The Network policy actually determines what users can do on the network once they are connected, or if they can even connect at all. So you would set up guests so they can access a smaller, limited network while properly authenticated users would have access to the entire LAN.

So basically, your connection policy should be more open, while the Network Policy should be more strict.

Think of it like the File Sharing system in Windows. Connection Policies are like the Share Permission, which is used to define who can access the share. Network Policies are like the actual permissions list on the folder itself. The most restrictive policies will always win, so you want to have the first line of defense less restrictive and the second more so. Connection policies are the first line, network policies the second.
compdigit44Author Commented:
This is a great help thanks!!!!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.