Windows Server 2008 Networking and Network Access Protection (NAP) comments and corrections
| Article ID | : | 951752 |
| Last Review | : | April 16, 2008 |
| Revision | : | 1.0 |
On This Page
SUMMARY
This article contains comments, corrections, and information about known errors relating to the Microsoft Press book Windows Server 2008 Networking and Network Access Protection (NAP), 978-0-7356-2422-1.
The following topics are covered:
The following topics are covered:
| • | Page 642: Incorrect information regarding Windows Server 2008 certificate |
| • | Page 643: Incorrect practice label and procedure |
| • | Page 671: Add sentence to end of Netsh NAP Tracing section |
| • | Page 711: Add sentence to end of Netsh NAP Tracing section |
| • | Page 743: Add sentence to end of Netsh NAP Tracing section |
| • | Page 773: Add sentence to end of Netsh NAP Tracing section |
Back to the topMORE INFORMATION
Page 642: Incorrect information regarding Windows Server 2008 certificate
On page 642, the "Creating the Certificate Template for Health Certificates" section contains incorrect information.Change:
"For a Windows Server 2003–based NAP CA, you must manually create a System Health Authentication certificate template so that members of the IPsec exemption group can autoenroll a long-lived health certificate. For a Windows Server 2008–based NAP CA, a System Health Authentication certificate template is included."
To:
"For a Windows Server 2008 or Windows Server 2003–based NAP CA, you must manually create a System Health Authentication certificate template so that members of the IPsec exemption group can autoenroll a long-lived health certificate."
Page 643: Incorrect practice label and procedure
On page 643, the "To Create a Health Certificate Template on a Windows Server 2003–based NAP CA" practice is incorrect.Change:
"To Create a Health Certificate Template on a Windows Server 2003–based NAP CA
1. Click Start, click Run, type certtmpl.msc, and then press ENTER.
2. In the details pane, right-click Workstation Authentication, and then click Duplicate Template. This template is used because it is already configured with the client authentication EKU.
3. On the General tab, under Template Display Name, type System Health Authentication.
4. Select the Publish Certificate In Active Directory check box.
5. Click the Extensions tab, and then click double-click Application Policies.
6. Click Add, and then click New.
7. In the New Application Policy dialog box, under Name, type System Health Authentication, and under Object Identifier, type 1.3.6.1.4.1.311.47.1.1. The Client Authentication application policy will already be present.
8. Click OK three times, and then click the Security tab. Because the WorkStation Authentication template was duplicated, this template should have two application policies: Client Authentication and System Health Authentication.
9. Click Add, type the name of your IPsec NAP exemption group (such as IPsec NAP Exemption), and then click OK.
10. On the Security tab, in the Groups Or User Names list, select the name of your IPsec NAP exemption group, and then select the Allow check box next to Autoenroll. Click OK.
For a Windows Server 2008–based NAP CA, you must ensure that the System Health Authentication certificate template has the appropriate permissions for autoenrollment in the IPsec NAP exemption group."
To:
"To Create a Health Certificate Template on a Windows Server 2008 or Windows Server 2003-Based NAP CA
1. Click Start, click Run, type certtmpl.msc, and then press ENTER.
2. In the details pane, right-click Workstation Authentication, and then click Duplicate Template. This template is used because it is already configured with the client authentication EKU.
3. For a Windows Server 2008-based NAP CA, click Windows Server 2008, Enterprise Edition in the Duplicate Template dialog box, and then click OK.
4. On the General tab, under Template Display Name, type System Health Authentication.
5. Select the Publish Certificate In Active Directory check box.
6. Click the Extensions tab, and then double-click Application Policies.
7. For a Windows Server 2008-based NAP CA, click Add, double-click System Health Authentication, and then click OK.
For a Windows Server 2003-based NAP CA, click Add, and then click New. In the New Application Policy dialog box, under Name, type System Health Authentication, and under Object Identifier, type 1.3.6.1.4.1.311.47.1.1. The Client Authentication application policy will already be present.
8. Click OK three times.
9. Click the Security tab.
10. Click Add, type the name of your IPsec NAP exemption group (such as IPsec NAP Exemption), and then click OK.
11. On the Security tab, in the Groups Or User Names list, select the name of your IPsec NAP exemption group, and then select the Allow check box next to Autoenroll. Click OK.
Page 671: Add sentence to end of Netsh NAP Tracing section
On page 671, an additional sentence should be added to the end of the "Netsh NAP Tracing" section that reads:"In Windows Vista Service Pack 1, the log files are stored in the %SystemRoot%\system32\LogFiles\WMI folder. "
Page 711: Add sentence to end of Netsh NAP Tracing section
On page 711, an additional sentence should be added to the end of the "Netsh NAP Tracing" section that reads:"In Windows Vista Service Pack 1, the log files are stored in the %SystemRoot%\system32\LogFiles\WMI folder. "
Page 743: Add sentence to end of Netsh NAP Tracing section
On page 743, an additional sentence should be added to the end of the "Netsh NAP Tracing" section that reads:"In Windows Vista Service Pack 1, the log files are stored in the %SystemRoot%\system32\LogFiles\WMI folder. "
Page 773: Add sentence to end of Netsh NAP Tracing section
On page 773, an additional sentence should be added to the end of the "Netsh NAP Tracing" section that reads:"In Windows Vista Service Pack 1, the log files are stored in the %SystemRoot%\system32\LogFiles\WMI folder. "
Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.