You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server
server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.
Which criteria should you specify when you create the DHCP policy?
A.
The client identifier
B.
The user class
C.
The vendor class
D.
The relay agent information
Explanation:
To configure a NAP-enabled DHCP server
On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then press ENTER.
In the DHCP console, open <servername>\IPv4.
Right-click the name of the DHCP scope that you will use for NAP client computers, and then click
Properties.
On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for
this scope, verify that Use default Network Access Protection profile is selected, and then click OK.
In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options,
and then click Configure Options.
On the Advanced tab, verify that Default User Class is selected next to User class.
Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the
default gateway used by compliant NAP client computers, and then click Add.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for
each router to be used by compliant NAP client computers, and then click Add.
Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your
organization’s domain name (for example, woodgrovebank. local), and then click Apply. This domain
is a full-access network assigned to compliant NAP clients.
On the Advanced tab, next to User class, choose Default Network Access Protection Class.
Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the
default gateway used by noncompliant NAP client computers, and then click Add. This can be the
same default gateway that is used by compliant NAP clients.
Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for
each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be
the same DNS servers used by compliant NAP clients.
Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to
identify the restricted domain (for example, restricted. Woodgrovebank. local), and then click OK.
This domain is a restricted-access network assigned to noncompliant NAP clients.
Click OK to close the Scope Options dialog box.
Close the DHCP console.httpHYPERLINK “http://technet.microsoft.com/en-us/library/dd296905(v=ws.10).aspx#_blank”:
//technetHYPERLINK “http://technet.microsoft.com/enus/library/dd296905(v=ws.10).aspx#_blank”.HYPERLINK “http://technet.microsoft.com/enus/library/dd296905(v=ws.10).aspx#_blank”microsoftHYPERLINK “http://technet.microsoft.com/enus/library/dd296905(v=ws.10).aspx#_blank”.HYPERLINK “http://technet.microsoft.com/enus/library/dd296905(v=ws.10).aspx#_blank”com/en-us/library/dd296905%28v=wsHYPERLINK
“http://technet.microsoft.com/en-us/library/dd296905(v=ws.10).aspx#_blank”.HYPERLINK
“http://technet.microsoft.com/en-us/library/dd296905(v=ws.10).aspx#_blank”10%29HYPERLINK
“http://technet.microsoft.com/en-us/library/dd296905(v=ws.10).aspx#_blank”.HYPERLINK
“http://technet.microsoft.com/en-us/library/dd296905(v=ws.10).aspx#_blank”aspx
To configure a NAP-enabled DHCP server
1. On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then press
ENTER.
2. In the DHCP console, open \IPv4.
3. Right-click the name of the DHCP scope that you will use for NAP client computers, and then
click Properties.
4. On the Network Access Protection tab, under Network Access Protection Settings, choose
Enable for this scope, verify that Use default Network Access Protection profile is selected,
and then click OK.
5. In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope
Options, and then click Configure Options.
6. On the Advanced tab, verify that Default User Class is selected next to User class.
7. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for
the default gateway used by compliant NAP client computers, and then click Add.
8. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP
address for each router to be used by compliant NAP client computers, and then click Add.
9. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your
organization’s domain name (for example, woodgrovebank. local), and then click Apply. This
domain is a full-access network assigned to compliant NAP clients.
10.On the Advanced tab, next to User class, choose Default Network Access Protection Class.
11.Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for
the default gateway used by noncompliant NAP client computers, and then click Add. This
can be the same default gateway that is used by compliant NAP clients.
12.Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP
address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.
13.Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a
name to identify the restricted domain (for example, restricted. Woodgrovebank. local), and
then click OK. This domain is a restricted-access network assigned to noncompliant NAP
clients.
14.Click OK to close the Scope Options dialog box.
15.Close the DHCP console.
http : //technet . microsoft . com/en-us/library/dd296905%28v=ws . 10%29 .aspx
The answer is B.
The answer information provided and the identical info provided by jay z has some incorrect information on it starting at step 5. At step 5 is where you configure the policy under the Scope folder of either the IPv4 server or the Scope utilizing User Class conditions.
The MS Page for this info is below, BUT IT IS WRONG!!!!!!
https://msdn.microsoft.com/en-us/library/dd296905(v=ws.10).aspx
The correct information is in the Community Editions portion at the bottom of the page, and states the correct information listed below:
Configuring Options on Windows Server 2012 R2
I tried to find these options In DHCP COnsole on Windows Server 2012, and I think they might be configured as Policies, not Scope Options.
I listed the options bellow so you can see if it’s right or not.
Configure a NAP-enabled DHCP Server
1. On the DHCP server, click Start, click Run, in Open, type dhcpmgmt.smc, and then press ENTER.
2. In the DHCP Console, open \IPv4
3. Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.
4. On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.
5. In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options.
6. On the Advanced tab, verify that DHCP Stardand Options is selected next to User class.
7. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add.
8. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add.
9. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization’s domain name (for example, woodgrovebank.local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients.
10. In the DHCP console tree, under the DHCP scope that you have selected, right-click Policies, and then click New Policy.
11. In the next Windows, type a policy name and a description for your policy and then Click next
12. In the window Configure Conditions for the policy select Add.
13. In add/edit condition, next to criteria select User Class, and next to Operator leave it Equals
14. In Values select Default Network Access Protection Class and click on Add, OK and then Next.
15. Configure Settings for the policy select an IP range that you want to enable this options or select No to apply to the entire scope.
16. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients.
17. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients.
18. elect the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted.woodgrovebank.local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients.
19. Click Next and in Summary click finish to enable the policie.
15. Close the DHCP Management Console.
Here is a better link that provides images along with the steps involved. This one uses custom profile names.
https://blogs.technet.microsoft.com/teamdhcp/2008/05/28/configuring-custom-nps-policies-per-dhcp-scope/