luke.mccormick Posted September 28, 2009 Share Posted September 28, 2009 Hello all, I'm trying to grasp this whole NAP thing for Server 2008, and I'm starting to kinda get the hang of it and I can get clients denied, and computers with static IPs are fine. My question is, if my network has a DC, a file server, a web server, an RODC, and say a Novell Zenworks ZCM server for OS deployment, and WSUS.I put the RODC and WSUS in the remediation network group, I'm using DHCP NAP. well if my clients aren't already in AD, they can't get the NAP policy. If they can't get the nap policy, they're denied network access. how then do I join the machines to the domain without setting a static IP on each one. Especially, if, say I sysprepped an image, and want to push it out to 30 workstations using ZENworks, even if I temporarily set a static IP on the image..those 30 workstations being deployed are going to attempt to join to the domain at the same time using the same IP?Just looking for a bit of insight, and maybe I'm just too much of a n00b and am completely missing something? Link to comment Share on other sites More sharing options...
luke.mccormick Posted October 6, 2009 Author Share Posted October 6, 2009 bump Link to comment Share on other sites More sharing options...
fizban2 Posted October 12, 2009 Share Posted October 12, 2009 Luke, You are right, if the client is not in AD, then no GPO to turn on the NAP agents. If that is the case then the machine with be quarantined. The servers that are part of your remediation group will allow those machines to be joined to the domain (you have a RODC there) your DHCP server will still server the client an address, just will only allow routes to the servers in the remediation group. Once there you can join the machine to the domain and it can recieve the GPO. For future use, i would suggest turning on the NAP agents during an unattended build process, that way the GPO is only a fail back incase someone tries to turn of the agents. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now