NPS templates in Windows Server 2008 R2

NPS templates, the flagship feature of NPS in Windows Server 2008 R2, provides a huge reduction in cost of ownership and deployment for all NPS environments. NPS templates separate common RADIUS configuration elements such as RADIUS shared secrets and RADIUS clients from the configuration running on the server. When referenced, the NPS setting inherits the values configured in the specified template. A change in the template changes the corresponding value in all of the places in which the template is referenced. For example, a single RADIUS shared secret template can be referenced for multiple RADIUS clients and remote RADIUS servers. When you change the RADIUS shared secret template, the change is inherited by all of the RADIUS clients and remote RADIUS servers in which that RADIUS shared secret template is referenced.

You can also use NPS templates to assist in configuration with referencing them. For example, you can create a RADIUS client template that contains common settings (such as the vendor type or shared secret) for a specific group of RADIUS clients (such as all wireless APs from a specific vendor). When you create a new RADIUS client, you can select the RADIUS client template to obtain the common settings. When you unselect the template, the inherited settings remain and you can configure individual settings, such as the RADIUS client’s IP address.

Note Template settings are not supported by commands in the netsh nps context. Using netsh nps commands will remove the reference to the template and change the configuration element specified in the command.

NPS template settings can also be easily migrated and synchronized across multiple NPS servers.

The following types of configuration elements use templates:

· RADIUS shared secret

· RADIUS clients

· Remote RADIUS servers

· IP filters

· Health policies

· Remediation server groups

You can configure templates for these configuration elements from the Templates Management node of the Network Policy Server snap-in. The following figure shows an example.

For a larger version of this figure, click here.

Individual templates can be added, edited, duplicated, or deleted. After they are configured, they can be referenced and de-referenced in the appropriate dialog boxes in the Network Policy Server snap-in.

The following table lists the different types of templates and where they are used in the Network Policy Server snap-in.

Template	Where it is used
RADIUS shared secret	When creating or configuring RADIUS clients, remote RADIUS server group members, RADIUS client templates, or remote RADIUS server templates
RADIUS clients	When creating or configuring RADIUS clients
Remote RADIUS servers	When creating or configuring remote RADIUS server group members
IP filters	When configuring IP Filters settings for a network policy
Health policies	When creating or configuring health policies
Remediation server groups	When creating or configuring remediation server groups

NAP Product Team

Comments

• Anonymous
  January 01, 2003
  In a previous NAP blog entry , we described the new NPS templates feature in Windows Server 2008 R2.