What should you create?

Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. Server1 has the DHCP Server server role and the
Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3.
Server1 currently provides the same Network Access Protection (NAP) settings to the three
scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 to provide unique NAP enforcement settings to the NAP noncompliant DHCP clients from Scope1.
What should you create?

Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. Server1 has the DHCP Server server role and the
Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3.
Server1 currently provides the same Network Access Protection (NAP) settings to the three
scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)

You need to configure Server1 to provide unique NAP enforcement settings to the NAP noncompliant DHCP clients from Scope1.
What should you create?

A.
A connection request policy that has the Service Type condition

B.
A connection request policy that has the Identity Type condition

C.
A network policy that has the Identity Type condition

D.
A network policy that has the MS-Service Class condition

Explanation:
MS-Service Class
Restricts the policy to clients that have received an IP address from a DHCP scope that
matches the specified DHCP profile name. This condition is used only when you are
deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute,
in Specify the profile name that identifies your DHCP scope, type the name of an existing
DHCP profile.
Open the NPS console, double-click Policies, click Network Policies, and then double-click
the policy you want to configure.
In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to
the Network Access Protection group of conditions.

If you want to configure the Identity Type condition, click Identity Type, and then click Add. In
Specify the method in which clients are identified in this policy, select the items appropriate
for your deployment, and then click OK.
The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec)
enforcement methods to allow client health checks when NPS does not receive an AccessRequest message that contains a value for the User-Name attribute; in this case, client
health checks are performed, but authentication and authorization are not performed.
If you want to configure the MS-Service Class condition, click MS-Service Class, and then
click Add. In Specify the profile name that identifies your DHCP scope, type the name of an
existing DHCP profile, and then click Add.

The MS-Service Class condition restricts the policy to clients that have received an IP
address from a DHCP scope that matches the specified DHCP profile name. This condition
is used only when you are deploying NAP with the DHCP enforcement method.
http: //technet. microsoft. com/en-us/library/cc731560(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/cc731220(v=ws. 10). aspx



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Saad

Saad

D
MS-Service Class

Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.