Safety:
Place briefcases and/or backpacks in the cabinet at the back of the laboratory classroom or in the lockers assigned to the student.
Do not bring liquids or food into the laboratory classroom.
At the end of the lab session, properly shut down the computer and the monitor, and tidy the chairs used.
Equipment and Materials:
DVD:
Windows Server 2012
Laboratory Guide
Procedure:
Note:
Scenario
A. Datum is a manufacturing and engineering company with its head office in London,
United Kingdom. An IT office located in London supports the London office and other
branch offices. A. Datum has deployed a Windows Server 2012-based infrastructure.
To help increase security and meet its requirements, A. Datum needs to extend its VPN
solution to include NAP. You need to establish a way to verify compliance and, if necessary,
automatically bring computers into compliance when they connect remotely over the VPN
connection. Accomplish this goal by using NPS to create a system health validation setup that
validates the health of the system, the network, and the policies. You must likewise configure
NAP to verify and remediate client health.
Lab Setup
1. Open VMware Workstation and create a snapshot of the virtual machines: LON-DC1, LON-RTR
and LON-CL2.
2. Power on the virtual machines: LON-DC1, LON-RTR and LON-CL2.
33. In the Client SHV checks box, verify that Client passes all SHV checks is selected.
34. In the SHVs used in this health policy box, select the Windows Security Health Validator
check box.
35. Click OK.
36. Right-click Health Policies, and then click New.
37. In the Create New Health Policy dialog box, in the Policy Name box, type Noncompliant.
38. In the Client SHV checks box, select Client fails one or more SHV checks.
39. In the SHVs used in this health policy area, select the Windows Security Health Validator
check box.
40. Click OK.
29. Click Permit only the packets listed below, and then click OK.
30. Under IPv4, click Output Filters, and then click New.
31. In the Add IP Filter dialog box, select Source network.
32. In the IP address box, type 172.16.0.10.
33. In the Subnet mask box, type 255.255.255.255, and then click OK.
34. Click Permit only the packets listed below, and then click OK.
35. On the Configure Settings page, click Next.
36. On the Completing New Network Policy page, click Finish.
2. Disable both of the default Connection Request policies that are found under Policy Name by
right-clicking each of the policies, and then clicking Disable.
3.
4. On the Specify Connection Request Policy Name And Connection Type page, in the Policy
name box, type VPN connections.
5. Under Type of network access server, select Remote Access Server (VPN-Dial up), and
then click Next.
6.
7. In the Select Condition dialog box, double-click Tunnel Type, and then select PPTP, SSTP, and
L2TP. Click OK, and then click Next.
8. On the Specify Connection Request Forwarding page, verify that Authenticate requests on
this server is selected, and then click Next.
9. On the Specify Authentication Methods page, select the Override network policy
authentication settings check box.
10. In the EAP Types area, click Add.
11. In the Add EAP dialog box, under Authentication methods, click Microsoft: Protected EAP
(PEAP), and then click OK.
12. Under EAP Types, click Add. In the Add EAP dialog box, under Authentication methods,
click Microsoft: Secured password (EAP-MSCHAP v2), and then click OK.
13. Under EAP Types, click Microsoft: Protected EAP (PEAP), and then click Edit.
14. Verify that Enforce Network Access Protection is selected, and then click OK.
15. Click Next twice, and then click Finish.
Results: After this exercise, you should have installed and configured the required Network
Access Protection (NAP) components, created the health and network policies, and created the
connection request policies.
4. In the Disable Routing and Remote Access dialog box, click Yes.
5. In the Routing and Remote Access console, right-click LON-RTR (local), and then click
Configure and Enable Routing and Remote Access.
6. Click Next, ensure that the Remote access (dial-up or VPN) option is selected, and then click
Next.
7. Select the VPN check box, and then click Next.
8. Click the network interface named Internet. Clear the Enable security on the selected interface
by setting up static packet filters check box, and then click Next.
9. On the Network Selection page, click Next.
10. On the IP Address Assignment page, select From a specified range of addresses, and then
click Next.
11. On the Address Range Assignment page, click New. Type 172.16.0.100 next to Start IP
address, and 172.16.0.110 next to End IP address, and then click OK. Verify that 11 IP
addresses were assigned for remote clients, and then click Next.
12. On the Managing Multiple Remote Access Servers page, verify that No, use Routing and
Remote Access to authenticate connection requests is selected, and then click Next.
13. Click Finish.
14. Click OK three times, and then wait for the Routing and Remote Access Service to start.
15. Switch to Network Policy Server.
16. In the Network Policy Server, click Connection Request Policies, and, in the results pane,
verify that the Microsoft Routing and Remote Access Service Policy is Disabled.
Note: Click Action, and then click Refresh. If the Microsoft Routing and Remote
Access Service Policy is enabled, right-click it, and then click Disable.
17. Close the Network Policy Server management console.
Select Specific ICMP types, select the Echo Request check box, click OK and then click Next.
8.
9.
In the Action window, verify that Allow the connection is selected, and then click Next.
Results: After this exercise, you should have created a VPN server and configured inbound
communications.
29. Expand Network Access Protection, expand System Health Validators, expand Windows
Security Health Validator, and then click Settings.
30. In the right pane, under Name, double-click Default Configuration.
31. On the Windows 8/Windows 7/Windows Vista tab, select the Restrict access for clients that
do not have all available security updates installed check box, and then click OK.
32. Switch to LON-CL2.
33. Right-click Adatum VPN, and then click Connect/Disconnect.
34. In the Networks list on the right, click Adatum VPN, and then click Connect.
35. Switch to the command prompt.
36. Type ipconfig /all, and then press Enter. View the IP configuration. System Quarantine State
should be Restricted.
37. Switch to Network Connections.
38. Right-click Adatum VPN, and then click Connect/Disconnect.
39. In the Networks list on the right, select Adatum VPN, and then click Disconnect.
Results: After this exercise, you should have created a new VPN connection on LON-CL2, and
have enabled and tested NAP on LON-CL2.
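The check in step 36 can be scripted on LON-CL2 instead of read by eye. The following PowerShell is an added example, not part of the lab guide: the function name Get-SystemQuarantineState and the sample lines are constructed for illustration, and it assumes English-language ipconfig output.

```powershell
# Added example (not from the lab guide). Assumes English-language ipconfig output.
function Get-SystemQuarantineState {
    [CmdletBinding()]
    param(
        # Lines of `ipconfig /all` output; defaults to running the command locally.
        [string[]]$IpconfigOutput = (ipconfig /all)
    )

    # ipconfig pads labels with " ." runs, so match the label, any dots/spaces, then the value.
    $pattern = '^\s*System Quarantine State[ .]*:\s*(?<state>.+?)\s*$'
    $hit = $IpconfigOutput | Where-Object { $_ -match $pattern } | Select-Object -First 1

    if (-not $hit) {
        # Line absent: the state cannot be determined from this output.
        return [pscustomobject]@{ State = 'Unknown'; Restricted = $null }
    }

    $null = $hit -match $pattern      # repopulate $Matches for the selected line
    $state = $Matches['state']
    [pscustomobject]@{
        State      = $state
        # Exact comparison, so "Not Restricted" is not mistaken for "Restricted".
        Restricted = ($state -eq 'Restricted')
    }
}

# Constructed sample lines (not captured from a real host), trimmed to the relevant part.
$sample = @(
    'Windows IP Configuration',
    '',
    '   Host Name . . . . . . . . . . . . : LON-CL2',
    '   System Quarantine State . . . . . : Restricted'
)

# Offline run against the sample: State = Restricted, Restricted = True.
Get-SystemQuarantineState -IpconfigOutput $sample

# Live run on the client while the Adatum VPN connection is up:
# Get-SystemQuarantineState
```

For more detail on the NAP agent's view of the same state, `netsh nap client show state` can be run on the client.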
Conclusions:
State the conclusions you reached after working through the topics covered hands-on in this
lab.