{"id":177,"date":"2015-07-13T10:05:53","date_gmt":"2015-07-13T09:05:53","guid":{"rendered":"http:\/\/darko-keric.from.hr\/?p=177"},"modified":"2015-07-13T14:54:12","modified_gmt":"2015-07-13T13:54:12","slug":"dfs-ca-nap-dhcp","status":"publish","type":"post","link":"http:\/\/darko-keric.from.hr\/?p=177","title":{"rendered":"How to DFS, CA, NAP DHCP"},"content":{"rendered":"<p><a href=\"http:\/\/blog.ittoby.com\/2013\/06\/windows-2012-nap-nps-with-dhcp.html\">http:\/\/blog.ittoby.com\/2013\/06\/windows-2012-nap-nps-with-dhcp.html<\/a><a href=\"https:\/\/mizitechinfo.wordpress.com\/2013\/08\/21\/step-by-step-deploy-dfs-in-windows-server-2012-r2\/\" target=\"_blank\"><br \/>\nhttps:\/\/mizitechinfo.wordpress.com\/2013\/08\/21\/step-by-step-deploy-dfs-in-windows-server-2012-r2\/<br \/>\n<\/a><a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc772393%28v=ws.10%29.aspx\" target=\"_blank\">https:\/\/technet.microsoft.com\/en-us\/library\/cc772393%28v=ws.10%29.aspx<\/a><\/p>\n<p><strong>CA uloga<\/strong><\/p>\n<ul>\n<li><strong>ad cs<\/strong><\/li>\n<li><strong>certification authority<\/strong><\/li>\n<li><strong>cert auth web enrollment<\/strong><\/li>\n<li><strong>online responder<\/strong><\/li>\n<\/ul>\n<blockquote>\n<ul>\n<li>security<\/li>\n<\/ul>\n<\/blockquote>\n<blockquote>\n<blockquote>\n<ul>\n<li>client certificate mapping authentication<\/li>\n<li>iis slient certification mapping authentication<\/li>\n<\/ul>\n<\/blockquote>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><strong>Konfiguracija autoriteta<\/strong><\/p>\n<ul>\n<li>configure active directory certificate services on the srv\n<ul>\n<li>certification authority<\/li>\n<li>cert auth web enrollment<\/li>\n<li>online responder\n<ul>\n<li>enterprise, root ca<\/li>\n<li>create private key<\/li>\n<li>rsa sha1<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Online responder<\/strong> &#8211; klijentima pru\u017ea informacije o opozvanim certifikatima na osnovi CRL liste. odgovori koji se saljju klijentu moraju biti potpisani certifikatom (izdajemo ga na temelju predlozaka za OCSP protokol)<\/p>\n<ul>\n<li>Certification Authority konzola\n<ul>\n<li>certificate temlates &#8211; manage\n<ul>\n<li>ocsp response signing &#8211; properties &#8211; security\n<ul>\n<li>add &#8211; object types = computer + serverdc<\/li>\n<li>autoenroll i enroll<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>certificate templates &#8211; new &#8211; certificate template to issue\n<ul>\n<li>ocsp response signing<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Certifikat za IIS poslu\u017eitelj<\/strong> &#8211; IIS poslu\u017eitelj na kojem se nalazi online responder mora imati odgovoaraju\u0107i certifikat &#8211; izdajemo ga na osnovu predlo\u017eaka (koji \u0107emo prvo konfigurirati)<\/p>\n<ul>\n<li>Certification Authority konzola\n<ul>\n<li>certificate templates &#8211; manage (konfiguracija)\n<ul>\n<li>web server &#8211; properties &#8211; security\n<ul>\n<li>add &#8211; object types = computer + serverdc<\/li>\n<li>enroll<\/li>\n<\/ul>\n<\/li>\n<li>web server &#8211; duplicate template\n<ul>\n<li>template display name = SERVERDC-IIS-CERT<\/li>\n<li>publich certificate in Active Directory<\/li>\n<li>security + server dc + enroll + autoenroll<\/li>\n<li>superseded templates + add + web server<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>certificate templates &#8211; (izdavanje) &#8211; new &#8211; certificate template to issue\n<ul>\n<li>serverdc-iis-cert<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>IIS konfiguracija<\/strong> &#8211; na IIS poslu\u017eitelju certifikat asociramo s odgovaraju\u0107im web servisom<\/p>\n<p>&#8211; izrada certifikata za cijelu domenu:<\/p>\n<ul>\n<li>IIS manager + serverdc\n<ul>\n<li>server certificates + create domain certificates\n<ul>\n<li>common name: <a href=\"http:\/\/serverdc.racunarstvo.edu\" target=\"_blank\">serverdc.racunarstvo.edu<\/a><\/li>\n<li>organization: <a href=\"http:\/\/racunarstvo.edu\" target=\"_blank\">racunarstvo.edu<\/a><\/li>\n<li>OU: coreServeri; zg, zg, hr<\/li>\n<\/ul>\n<\/li>\n<li>specify online cert auth: select + serverdc<\/li>\n<li>friendy name = <a href=\"http:\/\/serverdc.racunarstvo.edu\" target=\"_blank\">serverdc.racunarstvo.edu<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#8211; SSL kriptiranje komunkacije za web servise IIS servera\n<ul>\n<li>sites + default web sites\n<ul>\n<li>edit bindings + add\n<ul>\n<li>type= https<\/li>\n<li>ssl certificate = <a href=\"http:\/\/serverdc.racunarstvo.edu\" target=\"_blank\">serverdc.racunarstvo.edu<\/a><\/li>\n<\/ul>\n<\/li>\n<li>certSrv\n<ul>\n<li>ssl setting + require ssl +apply<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Konfiguracija mehanizma za opoziv certifikata<\/strong><\/p>\n<ul>\n<li>online responder + revocation configuration + add revocation configuration\n<ul>\n<li>name = SERVERDC-CA-REV<\/li>\n<li>select a certificate for an existing enterprise ca<\/li>\n<li>browse ca certificates published in AD + SERVER DC<\/li>\n<li>automatically select a signing cetificate + autoenroll<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Pristup preko web wervisa preko kojeg klijent moze zatraziti certifikat:<\/p>\n<p><strong><a href=\"https:\/\/serverdc\/certsrv\" target=\"_blank\">https:\/\/serverdc\/certsrv<\/a><\/strong><\/p>\n<p>ili preko mmc konzole<\/p>\n<ul>\n<li>file + add\/remove snap-in\n<ul>\n<li>certificates + add\n<ul>\n<li>certificates + personel + all task + request new certificate + nextalica<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Opoziv certifikata<\/strong><\/p>\n<ul>\n<li>certificate authority konzola<\/li>\n<li>issued certificates (select cert) &#8211; all task &#8211; revoke certificate (reason hold &#8211; certificate hold)<\/li>\n<li>revoked certificate &#8211; all tasks + publish<\/li>\n<\/ul>\n<p><strong>Automatsko izdavanje certifikata<\/strong><\/p>\n<p>&#8211; prvo konfigurirati predlozak za <strong>usera<\/strong><\/p>\n<ul>\n<li>certificate tempaltes + manage\n<ul>\n<li>user + duplicate template\n<ul>\n<li>template display name = OSMIS korisnici + publsh&#8230;.<\/li>\n<li>security &#8211; domain users + enroll + autoenroll<\/li>\n<li>subject mail &#8211; e-mail name iskljuciti<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&#8211; predlozak za <strong>racunalo<\/strong><\/p>\n<ul>\n<li>certificate tempaltes + manage\n<ul>\n<li>computer\n<ul>\n<li>template display name = OSMIS racunala + publish&#8230;.<\/li>\n<li>security &#8211; domain computers + enroll + autoenroll<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&#8211; izdavanje stvorenh predlozaka<\/p>\n<ul>\n<li>certification authority + certificate templates + new certificate template to issue\n<ul>\n<li>osmis racunala i osmis korinsici<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&#8211; <strong>povezivanje<\/strong> predlozaka s korisnicima i racunalima <strong>preko GPa<\/strong><\/p>\n<ul>\n<li>gp managemet + <a href=\"http:\/\/racunarstvo.edu\" target=\"_blank\">racunarstvo.edu<\/a> + create&#8230;. and link it here\n<ul>\n<li>name = certifikati + edit\n<ul>\n<li>comp conf + policies + windows setting + publik key policies + certificate services client &#8211; auto -enrollment + enabled\n<ul>\n<li>renew expired&#8230;..<\/li>\n<li>update&#8230;.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>EFS<\/strong><\/p>\n<p>new folder + properties + sharing + advanced sharing + share this folder + permission + full permissions<\/p>\n<ul>\n<li><strong>ra\u010dun za povrat podataka<\/strong>\n<ul>\n<li>group policy management + <a href=\"http:\/\/racunarstvo.edu\" target=\"_blank\">racunarstvo.edu<\/a> + certifikati (gore kreirani) + edit\n<ul>\n<li>comp conf + policy + wind settings + security settings + public key policies &#8211; encrypting file system + create data recovery agent + gpupdte\/force<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Backup baze certifikata<\/strong><\/p>\n<ul>\n<li>certification authority &#8211; server dc &#8211; all task + backup ca\n<ul>\n<ul>\n<li>item to backup = private key and ca certifikate + cert database + log\n<ul>\n<li>path<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" class=\"alignnone\" alt=\"\" src=\"http:\/\/c.s-microsoft.com\/en-us\/CMSImages\/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d\" width=\"160\" height=\"34\" \/><\/p>\n<p><strong>NAP &#8211; DHCP<\/strong><br \/>\nNAP &#8211; zaduzen za provjeru zdravlja klijenta koji se zele spojiti na domensku mrezu &#8211; ovisno o zdravlju, NAM \u0107e dopustiti pristup mrezi, potpuno izolirati klijenta ili mu dopustiti pristup smo najnuznijim resursima. zdravlje klijenta se odre\u0111uje prema nekoliko kategorija<\/p>\n<ul>\n<li>windows firewall &#8211; ukljucen na svim mreznim vezama i na svim profilima<\/li>\n<li>antivirus &#8211; ukljucen i instaliran s najnovijim definicijama<\/li>\n<li>antisypware aplikacija &#8211; isto kao antivirus<\/li>\n<li>windows azuriranja &#8211; instalirana azuriranja operacijskog sustava &#8211; moguce je odrediti i vrstu azuriranja koja nuzno mra biti instalirana (npr kriticne sigurnosne nadogradnje)<\/li>\n<\/ul>\n<p>Klijenti koji od DHCP servera traze tcp\/ip postavke moraju zadovoljiti uvijete nametnute NAP kriterijima &#8211; ako ne zadovlje, dhcp server ce klijentu polati postvake koje ce mu nemoguciti komunikaciju s ostalim racunalima na mrezi (npr. mreznu masku 255.255.255.255 &#8211; ip adresa bez klase) &#8211; ova vrrsta napa je najlaksa za konfiguraciju i ne zahtijeva certifikacijske servise &#8211; klijentima se eventualno moze dopustiti pristup nuznim resursima (npr serveru s javnim dijeljenm mapama) dok ne isprave propust u zdravstvenom stanju<\/p>\n<ul>\n<li>osnovna konfguracija\n<ul>\n<li>dodat \u0107emo grupu koja ce poslu\u017eiti za smje\u0161taj ra\u010dunala koja podlije\u017eu nap provjeri\n<ul>\n<li>OU racunala + new group (domain local) + properties + add cli1<\/li>\n<\/ul>\n<\/li>\n<li>na cli1 &#8211; mrezne postavke=dhcp + firewall off<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>instalacija i konfiguracija potrebnih uloga (dc)<\/p>\n<ul>\n<li>add role = network policy and access services (dhcp instaliran od prije)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>konfiguracija nap-a<\/strong><\/p>\n<ul>\n<li>network policy server -&gt; nps local -&gt; <span style=\"text-decoration: underline;color: #3366ff\">configre nap<\/span>\n<ul>\n<li>network connection method = dhcp<\/li>\n<li>policy name = <strong>OSMIS<\/strong><\/li>\n<li>nextalica + finish<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>konfiguracija sigurnosno &#8211; zdravstvenih uvijeta za nap klijente<\/p>\n<ul>\n<li>network access protection -&gt; <strong>system health validator<\/strong>s -&gt; windows security health validator + settings + new\n<ul>\n<li>friendly name = firewall\n<ul>\n<li>windows security health validator- iskljuciti sve osim firewalla<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>asocijacija vatrozida sa nap postavkama<\/p>\n<ul>\n<li><strong>policies<\/strong> -&gt; helath policies\n<ul>\n<ul>\n<li>osmis <strong>compliant<\/strong>\n<ul>\n<li>clinet passes one or more SHV checks<\/li>\n<li>setting = firewall<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<li>osmis <strong>noncompliant<\/strong>\n<ul>\n<li>clinet failes one or more SHV checks<\/li>\n<li>setting = firewall<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong><img alt=\"\" src=\"image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZ4AAAH1CAIAAABJLQ\/BAAAgAElEQVR4nO2dz8scV3qoa2T\/IQLvnfCZ22MV8tZgr2LwYj7jRV9n1F6ZTJAXd3GFg\/igSezRdHyZRUYINAsPZnqGyxdNGoPHkicB+XINnY012OooQWAY0IDTWmb02ZXFqTp1flZVd1d3V739PLyY7uqq86OqzvO951S3nDx8+PDP\/vw5giAIGXF2dnZ2dpacnZ392Z8\/N\/r8EUEQRIvxevr9f3ntL7Yar6ffdypFbQRBbDdQG0EQAgO1EQQhMFAbQRACA7URBCEwUBtBEAKjodqSgootqI0giK5E86zNdFlzr6E2giD2ECtNSBMbJqSdjlcvP33uqTLSX9gX\/v1XjE9PXjUOeeb9L7zSvnjpxafPPfXKSx89Gn3+aPSLk\/J1\/lYXZWx34qMPnzHaE6ql1SgbqRqf97G9+DR9quoM7z7UNd17MzoSq661reo11LaXUKOutIy66bVNXr1sffrq5fx1bsMXP3zdKTCXV0BtznB6\/f1XgkPLleZHHz7j19JuOP5dN169HDohxUm2T+nutfLFSy8+fe7yp7uttB+B2gSGY678Sr\/\/SrHx0\/Sp8HjQiZ4zRIvtvtq+eOnF2Mg34hcnexj2u1Vbfla37Ws3UFs0mJDKi4i51Hzw8qcVg\/DVy0+fe\/EkdUbLRx8+89TT6eWTqNpq5np1+rMmqlpGatB++NKLxgS2nPnq3ZRfPiznhroiQ22mnqyZuLXx5KXyI9Uje8rpnlJHbbqbquUnqflHwpqz69MVb7xzWux2pnly\/Yo7wbdtbvbUypejPRIVPEYQF9EUyVBMPtJcJSkFvFrmd49GxXB61Rw25ut8qFTkR9EkUbfWntapVilp5h8VaaNhnHy0f2oZpNR3TG1fvPSi1XJVfm4Bs8yiwatlbZc\/1S03J+nGW1P08cYbbTPbk7ezPJl21uYuFJjXS9VitPmjD59BbXz5o0\/RRG2fG3+9jXFbDGNz0BavY2or9gm6UlcUeWjgJ3S66kBrdSG5bXXVxhAtP4pkbW7tpTLMxUf70UrTtbbgJN0zu8qCf1HVeKdSvd1pZ1xtoYzy8qdG1fJjz1\/ZVf9e297PgqhoqDZjZ38Yl2Nbj5YqtT0afR5P36rU5ozAR8ZYtQetPSYdtVklhBpsm+ILPck9Z2VDpZfNt9VqC00zq1pu9zrWeLuFRvlOO6Nqsx9Gmz2NPikSF\/tS28OHDx8+fJhkWYbaWg5zXuNtDyjG2L8cxvmANEZOrdo+fxRZxatYX9+52qyT42Rt66gt+kWZzdUWmi2upLZ4dpZLeevfv9lr7EttWZZlWYbathJ1T0idKKdF5jB2n5Y2Ulv4iUH8+1Z1E9JmajMtEMg3jX7ZanDWsLajtlUmpLrx5ozYO5MN1Fa9vhkuSlqgNpFR\/b22T1N3GOfWsIaxmquGHjjaT0jd7+7Gv\/Fr2E1\/r636MUJDtdkPIvPSglmbMVs3l+Rr1BZWQEO1NX6M4Da+LOT1918xHnd4aos9FLYqLbK5+scjQgK1iQ371wjBVX87LwutSZVDN6o2q6iKOU701xHhL0asMiG9fPKM34DoE9KiLuNrLhVqK9etar78oSMwnQx+46Sq8ZHTEki1it38L39YJ9x48OqdapmB2oheR8wvvYheN77r8Xr6\/R2EUylqI9qKXtuh140nAoHaiLai13bodeOJQKA2giAEBmojCEJgoDaCIAQGaiMIQmCgNoIgBAZqIwhCYNSr7a8\/+ep\/\/9\/\/RxAE0c3460++Wkdto88fLQEAusqaWRtqA4Aug9oAQCCoDQAEgtoAQCCoDQAEgtoAQCBtqu1v3\/tpx2P35xcA9kLLass6DGoDOBxQGwAIBLUBgEBQGwAIZFdqW0zSJGc0243KXFAbwOGwG7XNRkk6WWRZphwXkttikqpd\/BeoDQBWZCdqayKprRlNg9oADofdZG2LSZq4viqnqOlkUbxJR6PU2Fb8dzKyJ7PG9FaVqzdUWBG1ARwOO3uM4MjHyM0MhQUmpItJahotnSzMOW2+ZTZSG2KzXdQGcGDs\/AmpWnYz0y7lu1lcbToTi20pvFk9kUVtAIfD7r\/8MRslo5mfXlVkbfVqK4uueACL2gAOh12ozfJY\/rDUnlQq2TVUmz8hLZfyqp5BoDaAw2FHWdtspOeepuTM1Tf1djTTLypyNB4jAEAlu5+Qtkrx\/KAJqA3gcOij2owUsObJgQVqAzgc+qi2NUFtAIcDagMAgaA2ABAIagMAgRyW2giCEBmHrrZ9NwEA2menals9fwQAWAHUBgACQW0AIBDUBgACQW0AIBDUBgACQW0AIBDUBgACQW0AIBDUBgACQW0AIBDUBgAC6aja5uOB\/lfAh9OmnZkOV9u\/EfPxYDCeb3jUeoW0dfieUJfDYuNrs5VLvFzxDIu\/JfzCt1Hdlu\/qLqptPh4kZZ+nw6a38nSodmz3lG1yH+tjW7mPW78V\/OZt5W4rrku3iloul+t2XPAtYRZesSVWe5P2bPdmK+mi2tbs8c4uc\/Oj2r2P1z68ttjt3mTt+WgHct9eM3pxS8QKD1aH2hTN1RbucDlHLVOz8VBvmpYvzXOnp0LOH5nyPhsOB8VR5a52vVZFTmPync3J13CqjlIll1W7hZTlF3vqT0KdNdpf1jacWmntdGi1XheTb7SaXbzx2hlurXMy\/cKj2Gpzuha+xEUFsUscPkXFpbTPT\/B6WVvruyznljCvitW80CUObPFbWG43zmf0Qq97zlenL2qbjwd55\/NX8\/HAPB2Bv4flIYH8WW9JBu5fED\/3diqq2Nmpy5asXYhZvmGefBB4nS1LM\/ql7tup3uDkR8YMvSyl4oyZp8XvsrPFKbwCs1Ve19wT51yd2BUM3g\/lubbHdeXFjV4gkbdECL+QXIf+llCPAkWFLtCG53x1eqK2oJViW2p3CB6SmBgtCAvR29n5+xZzxzJ0H5sfmVnnMjQqQpc8v3\/d2zhvk5eyFa2cxtVWe+qcwqswmlV9HmLNi13i2o9iJfsXt+FVjvWiN7dE5LQ0veh2CyvU1qR3K53z1emi2gIXahdqi9wC4Qvg7Gz8UYv9iW54H1e0M34fqzt4OgzfCtNhUsy47Wb7zVtBbXbhwVNnNi7WWbMxseb5zVhZbXUXt9FVrmxYr26JaPOqK3VauBW1tfaYqItqmweekM7d\/Lb+5jbOU77FGGPuTMXe2Vkbci+Sv3Ok5IZX2q050lm\/9vIGnQ79P3LlefRunLmdC9SqzT+ZbuEV17P5hDTSvEDDKu4H\/\/w0uLiNrrJ3VNXOnbwlghfFm34W19bfYp+BCrVVXOj1zvnqdFFtSztZdtcXm\/\/dNksZ2FOEwcC7Nnpd1b5c4VvQ3dmsypBm8TWsmj9iA3dBPtjZQO3lxQ+uFjvFeM3W3xKz2xlsbfxkGoUH78XIY4TAqLObV5tHxO6HwPmJXNyaCyTploisVjhl5m8H7kXXW6wG+98yNLZEL\/Ra53x1Oqq2lmn761BtUpv0NGKHPezyyZTBVm6J+NxUKILVZj7d7vBV3fw+rp55tENPTqYM+nFLdB3BagOAwwW1AYBAOqm2wKpqs9x6pQOtddTI8lE7qx7tsc32bOuX52LY8OR37V6SjkS1BZ8uV9cS2zP2kHvVhrWF2Z6G3WzKYTwd2ORctaK27txL0kFtisjA7toN10THm5csmL2rbe3DYUV6pTbja2nul3lW\/QXyMqKJsor6HyFXNCz+5a2KX26XNdb8ND3UzVjjq7pffjIN77Va27y+Bg7Xv2DXpz3viPrdY+AM+sfGaqxvXvFmMJ6XvyDXf9WK74FFq7bvO\/cW3egH7WvdS1BFV9WW2AzGLf8C2a2lPGC1HyGHGxb76bhXwjxUY8VP06u+196kqEBLrJ56l6FB22IXJXi4J6PSJsWLaF+8VNz\/E1jbvHJD8Ur\/Uqy26vLiBiVumGiN3w+sfC9BDV1Vm5+1ub5z\/sCu+Avk2i2+Kyt86jZsbiUga9TYZIvTzSYHNqx3pbb5F2WNKpr3ZdUanZ2Nn9wrZ0yHg\/F0PMhfzauarUvzDeMcVfErsbbuJaijX2pr7xfItVtWux3Df07dn47LVNsqvyFvR20b\/Grd3Gc6HIzHQ5UZFX6rU1uexdUvbmz7XoI6+qM285aab\/wL5OCW9ScR3u+6wz8d90oITkjdNtv7RLvZpKi6njY5GzUXZZUqYmqrOjZeY5PmWW2YDq0f07q\/5narrtBroFHbvpeghh6pbdnmL5CDW8wSw0lEZOk33jCvhvhjhAodl\/uYv+r3utmkqOqeNjkbdRdlhSqiaqs+dpNfrZvf3jM84v7rJKGqjfLn44E3F97sB+0r3EuH8TWdjemk2gD6BRlV90BtABuD2roHagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgXRFbb\/+x39qEu2fAACQSIfUltWB2gCgIX1W2+L05K2c65+FOrc4PTk5Xax1Xg4Czg\/Ipb9q++z6W8W4XJyeBOXWfOhue5AHy9cb16i9lQbHCkF50H96q7Ymw687amu9UtQGUElv1bZcnJ685Q7Acop6crqw0yJz+3K5XH52vZzMFh\/bxZV7qAnv4vTk5PT0emQKbFfx2fWitMXpyVtvXT\/NW6L3Ojn9rKxUtTNYvjHpNppnNzjQ6+vXT6xaTk4X5va8+OL82D2tLDw\/MeEFAIDu0F+1LS1ROPM6QxYLf7s1g\/3sujJARZ6iSzONY+3vV6HLLbW40FJQ9TsT0kD5RjudGsu3oV5rx5mKN\/4W5OX62Zl13sL9AugFvVZbgVp2MxMcnbJUbDdLiK2FmRmTuY8vGqeKxTJPhpSZDFWV+Y+vNqf86hrdrMrrXXX5jluDPQ33C6AHiFCbyob8hwllthLaXr3FeUxRrzZvjqa8EHpQkDuvNbVFete0\/HhPY89nADpPX9VmDbp8bNrTt9Id3vZGE1JjRUlnhTHRxKsom2ZNCRenJ156FSi\/4YQ02OuQ2vw2mtPkQE\/9YwD6QV\/VtrQWv03JOQvqaoja2+2jr3+m31pD15qN1ajNqcJcNvvs+ltvnVy\/7j1GWJSVVuRozlTRrU7VEel1IGs7CS5Ouj2tKDzfguOg6\/RYbYfF5j7hOQAcEh1SG78h9TC\/lbGxllAbHBJdURsAQIugNgAQCGoDAIGgNgAQCGoDAIGgNgAQCGoDAIGgNgAQCGoDAIH0Xm0Nf8ZAEISYaGIGCWrLAOBgQG0AIBDUBgACQW0AIBDUBgACQW0AIBDUBgACQW0A0D\/u3LlTvQW1AUD\/uHPnjuky522G2gCgj9wpcF5rUBsA9JI7Ns6nqA0A+krMaxlqA4BeE\/RahtoAQCSoDQAEgtoAQCCoDQAEgtoAQCCoDQAEckBqIwjioKKJGXqvNgAAH9QGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgENQGAAJBbQAgkG6rbT4eJCXDaWSfwXjevMcAcAB0Xm1aWzGFqe0IDgAM+qO25XQYzNuQGgB49Edt+nU5Sx1Ol37WNh0aE9jpsJzHTodJ6cD5eDAYj4fWVLc8Um2ZjweD4XCQJEkyGE\/H+Yv50mqDLjJiXgDYB51XW2mbUmxKIfkrS23lp7nKpnqDrZ75eKCl5+d9ukxVqfkir6U4gJwRoJN0Xm1B6Ziv\/f\/aZeRKc5KqmnwwSczSnBf2ww0jcQOAriBfbUpq06H9QUBtxoTVKS2gNuaeAJ2mb2pbdUI6X+ZraLWKNPM6dWhMbWYtaA6gk\/RObca00cmkQo8RFNYDBL\/k4rW7shdVm1kLjxEAuki31dYOSAfg4JCuttBkFADEI11tAHCQoDYAEAhqAwCBdFptPwIAiNBvtWUAAB6oDQAEgtoAQCCoDQAEIkhts1HxG6h0sjC6uJikxQejmbElf1O8VwctJqk+2j8wXGrg09UwKwWANpCittmoNMxikpZ2m43068UkVfssJmmaugpz1RY6sMCqwap7LVSlzQWHCgHqEKI2d6zPRrlsghZYTNJ0MhkVH8xG6WiUOmqr0kfbalm1PNQGUIcQtTlZlZFn2QmW\/jSdLGa522ajdDLzjRY60Dw8uN2coS4maToapWqGPJukxVTZ2G7sWWZt5cRafZyLWG8pqsFuAHGkqM0d5zptywzlGBPMUiWzkTkZtLTlHZgZh7tn0rbpaFa60Xyh6koMfao9gxPScn9jlXClqSvAoSJFbdGszUCvnuVqWEzS0Uw5sHoeaiy7ZbF9nOcPQV36YlLt9PfXaZu\/P2oDaIAQtUXX2iyKrYUa1OMEPemLL7E5xYV2WltteovOIsPZZWQLAIQQorbYE1Ire3OzNueZqfVR+MCC0BPS0IQ0pjbzWyjuhNTQqKoXtQGsjhS1ZdHvtRmr8ob7gqta9keBA+0j3I+dpbmqrC0N7GlatXpCmjdt06\/TAQhGkNr6AjkXwPZBbTsHtQFsH9QGAAJBbQAgENQGAALpvdoAAIL0WG0AAOuB2gBAIKgNAASC2gBAIKgNAASC2gBAIKgNAASC2gBAIKgNAASC2gBAIKgNAASC2gBAIKgNAASC2gBAIKgNAASC2gBAIKgNAASC2gBAIKgNAASC2gBAIKgNAATSdbXNx4OkYDhdLufjwWA8X7+\/gXKH02KLWXL+djrUO5QHWhvcYtdoXludAoCCTqttPh4k5ZifDpNkOB4PBuN5cxeE95wOdblaVWG1xTavVN16jQSA9em02gIjflULBPdvslG\/tbbXVY\/aALpBp9UWFZDpnXxaWaZY46GeaRYfu+XY6aBZcuCt8UHAQdOhN182GqBrS+x2BI6a6+1FV+xjpsOKiTAA2PRabZ505uOBs3YWTYg8dZiret4ngQSuOKbwzXSYDMZTrwEBM4aOytf1TPcV02SMBrA6fVabKyPtCG\/Pijq0TyoW1XxJ+fvEjqpupN7TSvPKTcxTAdaj02qLrrWV1rAzmqBZavRg5EfR5wXz8SCipEZqizdSb0mG01CGNh0mCVkbwOp0Wm11T0gNF6iXzdRmKaRJ1qbeDapLMqeWZgleIyuOMh\/XhpsFAI3otNqWse+1Oevu9mME2yxqBzfxKZfx9UfV3\/IIPXhwSnK\/dhdrZOVR8\/FA7cZjBIBN6LraAADWALUBgEBQGwAIBLUBgEBQGwAIpNNq+xEAQIR+qy0DAPDYrtqujieoDQB2z5bUdnU8uTqeJMvlErUBwO7ZktrUp6gNAPYDagMAgYhS22KS6l9+jmZZtpik6WSxu5N5kBgnfTQrtpinPX87G+kdygOtDW6xa1w7rjgUbFdtN2\/e3JnaFpM0KW\/r2ShJRpNJmk4WzW93BsbKzEb6pGtVhdUW2xwBtcFmbEltN2\/evHnz5k7VFripV73RGRirEjxjMYdZ2+vONWqDSobDYfUWOWqLjjFzaOUzpzKLmIz0ZKr42B2Wo1FqzbdmoySxp2C6YKeevCSnXn8HszqzYLeFWbC0ysNV44t5n9GddDKbpMFGesdW1OjkyuZpD7w1Pgg4qDyvejGhQd8DRy309uI6x1oP\/WU4HJouc95mh6Q2b1wtJqmzPOSPN2PkBpaGylWkQgfJaOa+9cezs4NVWelKdai7gFVhh+Dhdn\/0FvNFXmzs2GofZQF1mEue3ieBBM49u7NRId66voeOys+w6b7g2YZ+MyxwXmsORm3ueNPDwNvTL0G\/LgeJOWgXVvrjvPXrXTj7R+py2hPrxaLZ4c4+zouKYytqdNA+qVhU8yXl71PRnYorWF4jM83zLgcIYmjjfCpHbdG1tnJg2H+0V3JB+dpeODf2n42sIZW\/jScLzv6N1RZJPbaotobJjpEfRZ8XLCZpREmN1Ba\/gnpLkXM6jXbPNogg5rVMktrs6Zf\/hNS43dXLhi6wDyoHcFbkKc7cbeZM5UL1RtMbb1YYyHfcBjU63CrEf1FxbEWN9oYmWZt6lwb\/CgWnltV9jx9lpdiRSTCIIOi1TJLaMnvyVC4ql7e0XnI2l5mKI\/OMzM+k0qqlJL1yZezivHXrrVjY9gtyWxgordHhTiHBF9Fj4zVaD1XMhxVRtTl\/goIlud9JrOp79KjFJLXWC5iTHhii1NY+\/KUH6CeorRLUBtBPUBsACAS1AYBAUBsACKT3agMACNJjtQEArAdqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEMhGalsul6gNADrIempTn6I2AOgoqA0ABILaAEAgqA0ABILaAEAgqA0ABNJ5tc3HgyRnOC22DMZzc4fBeL6cDvUO5YHWhtZwGrC9A9erKHx+1mXDwwH2RMfVNh0mxcDSqooM3XZHdBWr1qR38PesPnYTtVVUuklpAD2h22oLjqiYWazt2xyLaydfu8za2lXb2ocD7Iluq205Hw8Sd2RFkybjAyOVU5NZqxCzhNie5UTYTBuTxC\/OUMl4aM+dzcOC+zRop1um17BpsYNR5nBYUalVfrGn\/qQs38iRyzNW1jacWqsARYI9HW5pHQBgFTqutmVg1JuK8T6xM5VimDnrbgG1OXv6ljSKMGbJ5Q7z8aBmNTBvubVPuHar63aZAX0vnYr8rK2iYabJcy\/mO1tnwj8J6ixM9QaMBt2i+2or0EKpWOpyx39uwaq8zxi0oZStcOc0kOhZpYUyQbc6f59g7RXt9Bs2t1sbVFttw5aFyWItjK+45UrDbNAx+qM2M7WJruLPxwNbQ8WR7hwxMtrzPZ3sqfKQNtTWuJ1+w5wnLZuoLdiLOrWpyzIdsiAH3aLTarMGcpOsTb0bGItv4WOMHEMV6+5p1FxOzIyZWrtqi7Uzkl3aDQv1pbnanMJWnZDOl7mQMRt0jE6rbWmtkRvr3HG1OeLRczV\/VaqYwQ0iC\/m6Zm+Nr3Sn0YAKg+RFxad7qzzu8BtmTVKt9btIpVb5A7dipylu76zHCLp7durJ1BT2T9fVBlskOMFcGVwGXQS1HTCbq43JKHSVjdQ2R20A0Ek2UttgPEVtANBBNlTbHLUBQAfptNoSAIAIW1XbuLna\/u7H\/2cNtd0EgF4x3QnbVtsKWdvaansMAP1BgtqWqzwh3URtDwGgJ6C21dR2thnqpG9YCHQWrm9HQG2oDdqE69sRUFsH1Pb7v7+QXJj8vnybXvjx\/Scb1gP7Iay2L69dKJ6mXbq1j2YdHqitE2p7\/lySXHwv1xlq6zMhtd26lFy49uXZ2ZlyXEhuX167oHbxX8BaoLZOqC298OPJG0+\/eVq+RW09JXB9m0gKo7UNauuK2u7\/fpIbrVDb7C+\/p78T+Obp2dnv\/\/75i2+8+T+eTpLk+Wu\/efdikiTJC+\/eVyU8fy5JkiQ593w5sYV9EMravrx2IXF9VU5RL1z7snhz4dKlC8a24r\/XLtmTWWN665ULOaitM2p7cjb7y+8phblZW+G+fElOr83le95\/70KaG42Mb99EHiNoG3m5maGwwIT0y2sXTKNduPalOaclxYuD2jqktu\/+9Jv\/efFdM33Lc7EkSS6+56d1WnnlbiRu+6bmCaladjPTLuW7W3G1aXnFtmy9T70EtXVIbWdnZ1+9+8ILb7yZXvjxV\/\/10RvnLli5WJXa3vjNn7INGwatUPflj1uXkku3\/IcJFVkbalsL1NYttX33p9\/8MPlecvG9r\/7rox8mP1TCenL6ZlXW9uT+uxcT\/QgCze0X\/\/paHssfltqTSiW7hmpjQtoM1NYttZ2dnX317gvqiyBfvftCOWWpUlshRGajHSCYtd26pC+kKTlz9U29vXRLv6jI0XiM0ADU1gG1gSB2en1vXeIbwDFQG2qDNtn+9TVSQHK2OKhtZbUBQC9AbU3VBgA9ArU1VdvRP2SbR1vlEGvEc9uPmzdv\/gg6AGpDbQcUO1NbBnsFtaG2wwrUdiCgNtR2WIHaDgTUtpHaGs75naNQ2x4DtR0IqG1TtTU5xc5RqG2PgdoOBNS2LbXdu3fv3r17WZ3aPniU\/fMnZ+r1a\/Msy7J3rj9Rb+8+KT+qGqu\/zL7+z29\/8LPv2hn5v8z+8CTvQpPaWzOO3YvmnVrpwLtPst\/91tDQNHuYZe84bppmD7\/JXmtRbYtJavwTH+lk0drwXUzSdLJQ\/22tUCGgtq2o7fHjxxcvXjx\/\/vx0Oq1W22vz7Ov5t1pzX\/\/ntz\/\/1ZlWzN\/8+qx2hLertrtPMrMB2rObCOt4Wt\/CDdWmq6g+8LV59nBeOsh5a6ltA8EF1Gaqp0UTobY4qG0rahuNRufPn2+ituc+zrJvMjUU7\/4xO\/n\/ueme+zjLHqyT72xuorYsuVKxu1Hbc7+0hHXzm+zmNKK2drO2LanngNU2HA6rt6C2dtT2k5\/85PHjx+r1jRs3lNfefvvtrMFa290n2TvXnyiXPffL7Ov\/+PaoyObMcfvB\/bzBap5ozhyVHM0teYHF9Pbuk\/LFz391pma+WVYmjDo+eORuNItVCZ0qRzfGtInZ4Lt\/zNumX3xwv\/T1yX2ropja\/NpPivNg1q6rCJ4r6+RrnRUKe+ffywJ\/99tdZW2LSZqORmmSJKNZOWNNJ4ssm42SZDTLsiybjcoX6WSRzUblxHY0O3S1mS5z3maoLWtDbW+\/\/fb58+dffvnlx48f37t3T3nt5Zdf1qe4Wm0fPMp1o8bh3T9mP\/jZd2qjNsUfnpRGU2NeL9LpvE9veW2eGyQv5OMssx2UyzQy5fzgUX5mlEpUIcGqc1d+cuar7Q9PrPabnnJs6ws055vyPATzOLNwpwrnXDBmQ6UAAAc2SURBVJm905PQwGzUlFq7ajONpH2UL7sZZspfFltmI0th5skxpXbAalM6M19rUFsLaptOp1pnzz777Pnz55999lmdxNWqTUlNj2H1QtvHWatqvuUHP\/vu5H72z5+cndzPfv7J2df\/8e1zH+eJkpKXn7JZydrHeRLkGMcUmZ9wBaeHZttUk\/zpdjBrC9T+qzMnXfXV5p8Hq6LCWVb6lpUFbkVt4aytMJv1L4nn2dlols1G6WQ2SfNXi8zZ+bDVlhlG872WobaspQmpStw06tmoPsXValPjXCVrynT\/8q\/fqmnphmpTLlMlq4U8c4KmZnYVDwruPsn+5tdnf\/DSq03Upjp7cr+c29aqzWmh+aAjmLXVqE1J7beluX6X2VPUPahNzToNZqN0MhkpyxV+09NSt5BDVVsWydcUqK21xwjabtPp1DnF1WpTw1VnMWr+mD9MiGvLmn5GJqSqZFWUFpnKepzJps4frWbYxerppDshLXJMM9eLqS3vbPHkpFptwdqDda2kttfm2cNvytno7\/T3P367j6zNdFv5cjYqviaiZ6XG0lthuYNXWxZ6nqBAbW0+Ib169erVq1f9U1yrNmfxPpiYuBmZnpd9E9iix7O1JPfAUFiWZaE5qblIb37DThF8jGAWqBrji0btrwp0HiBUq82vvawrszSqdjO\/LhNTm5qB6mejToG+2rT7\/BdtqC3LyscDepPhO0No1uQVtVWC2vg1wq7j7sZfl9sk1sjCNs3aYB\/IUdsgSfgNacfDnGvvrQ2o7TCQo7bhlH\/5g6gP1HYgyFHbnH\/UiGgQqO1AQG2o7bACtR0IctTGhJRoEjtTG+wdIWrbzWMEAOgREtS23P6EdDenCQD6BWoDAIGgNgAQCGoDAIGgNgAQCGoDAIGgNgAQCGoDAIGgNgAQCGoDAIGgNgAQCGoDAIGgNgAQSIfU9rfv\/RS1AUAroDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEAhqAwCBoDYAEEjv1QYAEKTHagMAWA\/UBgACQW0AIBDUBgACQW0AIBDUBgACQW0AIBDUBgACQW0AIJD9qA0AYDegNgAQCGoDAIHsQm0EQRC7j+2qDQCgI6A2ABAIagMAgaA2ABAIagMAgaA2ABAIagMAgaA2WF5851RqxLr8I7nQZQVqg+XFd04fSKRabftu3VaIjfMD7DJqA9QmB9SmQW2A2uSA2jSoDVCbHFCbBrUBapMDatOgNtim2m4cJzlHV24XG29fOSrf3b5yZH3YIttT2+0rR0W\/kuMbLTX3gXNm1mFHartxvNo127hfFaA2iLIttd04Lgf+7StHejAYN7q5S+tsSW1mV1ruQU\/UduM4OT4+XqGlqA32wnbU5t3ON45zBxSf2I5on+2obZvDtB9qu33l6PjGgxsruA21wV7YitpuXzlyshm9Rd3oW03YHjx4sCW1RUZpOfNWvbp95ejoypVjZ9Ja7pVvKWe2hey7rzZlNvMP1NHx8ZHRrfCWK1eOrRPRlutQG0TZltrcm7dI24yVqq26bZdqc3e4feXI9NfRlduW7NXQNsrSR3VebbnZrG7ljc57GNySnxN1qE7gWwC1QZQ9ZG3q1m\/xb3eInarNfLLgSCqmLfMQddiN7qvNbrTf0+T4RnxLrrQ2zYbaIM6+1tq2vdq2w7U2Q9K+yKrU5tm\/42rTOVv+xtZxbd9vHCfHN1ZZpasHtUGUPT4h3arcdviE1MhDvLlm5YTUXHSz85212LbanAYWq2pWJx543TIOu3GctPxdH9QGUfb6vbYH5qpUu+zye23WPC2stgeBxwjlll48RvBWEFS3j46OzIt8+8pRYEv5dZ92\/5ShNojCrxHEsIdfIwQn2lF7tbrM9uDBA9QGFaA2MXRabe1PRh88QG1QAWoTA78h1aA2QG1yQG0a1AaoTQ6oTYPagP83gijosgK1AYBAUBsACAS1AYBAUBsACAS1AYBAUBsACAS1AYBAUBsACGRNtf3VnX\/7X7fmBEEQ3Yy\/uvNva2ZtBEEQ\/QrURhCEwEBtBEEIDNRGEITAQG0EQQgM1EYQhMBw1UYQBCEjlNr+Gy4AtaYwHT9CAAAAAElFTkSuQmCC\" \/><\/strong><\/p>\n<p><strong>asocijacija nap postavki s dhcp posluziteljem<\/strong><\/p>\n<ul>\n<li>dhcp -&gt; ipv4 -&gt; scope propertis -&gt; network access protection\n<ul>\n<li>enable for this scope<\/li>\n<li>use custom profile (profil name = <strong>osmis<\/strong>)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>definicija posebnih opcija koje ce koristiti izolirani klijenti:<\/p>\n<ul>\n<li>dhcp -&gt; policies -&gt; new policy\n<ul>\n<li>policy name=<strong>osmis<\/strong><\/li>\n<li>add\n<ul>\n<li>criteria = user class<\/li>\n<li>operator= equals<\/li>\n<li>value= default network protection class<\/li>\n<\/ul>\n<\/li>\n<li>no (configure setting for the policy)<\/li>\n<li>015 dns domain name<\/li>\n<li>string name = <a href=\"http:\/\/izolacija.racunarstvo.edu\" target=\"_blank\">izolacija.racunarstvo.edu<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>NAP postavke moramo preko Group Policyja povezati s ra\u010dunalima. GP objekt postavljamo na organizacijsku jedinicu Racunala. Budu\u0107i da ta organizacijska jedinica sadr\u017eava i poslu\u017eitelj SERVER1, primijenit \u0107emo sigurnosni filtar (sjetite se kolegija AOS) na grupu NAP_Racunala koju smo izradili na po\u010detku vje\u017ebe. Tako smo povezali NAP postavke samo s ra\u010dunalima u grupi NAP_Racunala, a ne sa svim ra\u010dunalima unutar organizacijske jedinice. Jednako \u0107emo tako u ovom koraku konfigurirati i tekst poruke koju \u0107e NAP servis prikazati korisnicima \u010dija ra\u010dunala ne zadovoljavaju sigurnosne kriterije.<\/p>\n<ul>\n<li><strong>group policy<\/strong> management\u00a0 + racunala + create a gpo&#8230;.. name= nap_dhcp + edit\n<ul>\n<li><strong>Computer<\/strong> Configuration-&gt; <strong>Policies<\/strong>-&gt; <strong>Windows<\/strong> Settings-&gt; <strong>Security<\/strong> Settings-&gt; <strong>Network Access Protection<\/strong>-&gt;<strong> NAP Client Configuration<\/strong> + <strong>enforcement<\/strong> <strong>clients<\/strong>\n<ul>\n<li>DHCP Quarantine Enforcement Client + enable<\/li>\n<li>User Interface Settings\u00a0 + ser interface\n<ul>\n<li>title = obavijest admina<\/li>\n<li>description = U tijeku je konfiguracija va\u0161eg ra\u010dunala<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>nap_dhcp\n<ul>\n<li>security filtering<\/li>\n<li>remove authenticated users<\/li>\n<li>add NAPgrupa<\/li>\n<\/ul>\n<\/li>\n<li>gpupdate \/force<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>klijentski nap servis<\/p>\n<ul>\n<li>services.msc\n<ul>\n<li>Network Access Protection Agent + start<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>pristup nuznim servisima &#8211; dc<\/p>\n<ul>\n<li>Network Policy Server + policies + network policies + OSMIS Non NAP-Capable\n<ul>\n<li>settings + nap enforcement + configure\n<ul>\n<li>new group<\/li>\n<li>add server dc + resolve<\/li>\n<\/ul>\n<\/li>\n<li>OSMIS Noncompliant\n<ul>\n<li>settings + nap enforcement + configure + domenski sevisi<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>automatsko uskladivanje s nap zahtijevima<\/p>\n<ul>\n<li>privremeno onemoguciti nap da bi klijent mogao primijeniti gp postavke<\/li>\n<li>dhcp + raspon + propertis + network access protection + use default nap profile + apply + disable for this scope + apply<\/li>\n<\/ul>\n<p>Sada mo\u017eemo preko Group Policyja konfigurirati NAP klijentski servis koji \u0107e automatski usuglasiti ra\u010dunalo s NAP stavkama, ali i prikazati poruku koju smo u prethodnoj cjelini konfigurirali za prikaz korisnicima. Iako smo u prethodnoj cjelini taj servis uklju\u010dili na ra\u010dunalu CLI1, to nije dovoljno. NAP \u0107e provjeravati veliki broj ra\u010dunala u produkcijskom okru\u017eenju i svako od njih mora imati uklju\u010den pripadaju\u0107i servis.<\/p>\n<p>Group Policy Management Editor konzola. Pro\u0161irite mapu <strong>Computer<\/strong> Configuration-&gt; <strong>Policies<\/strong>-&gt; <strong>Windows<\/strong> Settings-&gt; <strong>Security<\/strong> Settings-&gt; <strong>System<\/strong> Services. + <strong>nap<\/strong> + <strong>enable<\/strong><\/p>\n<p>ponovno ukljucivanje dhcp nap:<\/p>\n<ul>\n<li>enable for this scope(vidi gore)<\/li>\n<li>use osmis<\/li>\n<\/ul>\n<p><strong>\u00a0DFS<\/strong><\/p>\n<p>add role &#8211; DFS namespace i DFS replication (na 2 servera)<\/p>\n<ul>\n<li>DFS Management\n<ul>\n<li>Namesapce -&gt; New namespace<\/li>\n<li>NAmespace server = &#8220;SERVER1&#8221;<\/li>\n<li>NAmespace NAme and settings -&gt; ime poslovanje,\n<ul>\n<li>Edit settings &#8211; Administrators have full access; other users<br \/>\nhave read-only permissions<\/li>\n<li>next, next create<\/li>\n<\/ul>\n<\/li>\n<li>pro\u0161irite Namespaces\n<ul>\n<li>desnim gumbom mi\u0161a\u00a0 \\\\racunarstvo.edu\\Poslovanje\u00a0 -&gt; Add Namespace Server -&gt; dodati SERVERDC\n<ul>\n<li>desni klik na \\\\racunarstvo.edu\\Poslovanje-&gt; Properties\n<ul>\n<li>Advanced tab -&gt; Uklju\u010dite opciju Enable access-based enumeration for this namespace<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>desnim gumbom mi\u0161a kliknite na \\\\racunarstvo.edu\\Poslovanje i iz<br \/>\nkontekstualnog izbornika odaberite opciju New Folder.<\/li>\n<li>Prikazuje se New Folder ekran. U polje Name upi\u0161ite Arhiva.<\/li>\n<li>Add -&gt; Add Folder Target ekran. Kliknite gumb Browse.\n<ul>\n<li>Prikazuje se Browse for Shared Folders ekran. Kliknite gumb New Shared Folder.<\/li>\n<li>Prikazuje se Create Share ekran. Postavite opcije:<br \/>\na. Share name: upi\u0161ite Arhiva<br \/>\nb. Local path of shared folder: upi\u0161ite C:\\DFS_Shares\\Arhiva<br \/>\nc. Shared folder permissions: ozna\u010dite opciju <strong>Use custom<\/strong> <strong>permissions<\/strong> i kliknite gumb <strong>Customize<\/strong> -&gt; Prikazuje se ekran Permissions for Arhiva. Grupi <strong>Everyone<\/strong> dodijelite <strong>Full Contro<\/strong>l<br \/>\ndozvolu i kliknite gumb OK<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<blockquote>\n<blockquote>\n<ul>\n<li>next, next, ok<\/li>\n<\/ul>\n<\/blockquote>\n<\/blockquote>\n<blockquote>\n<ul>\n<li>Desni klik na mape -&gt; replicate folder\n<ul>\n<li>potrebne dvije mape -&gt; dodati mapu sa drugog servera<\/li>\n<\/ul>\n<\/li>\n<li>Nakon \u0161to smo uspje\u0161no povezali dvije mape na razli\u010ditim poslu\u017eiteljima, konfiguriramo replikaciju:<br \/>\n1. Prikazuje se ekran <strong>Replicated Group and Replicated Folder Name<\/strong>. U polje Replication group<br \/>\n<strong>name<\/strong> upi\u0161ite <strong>REP_Arhiva<\/strong> i kliknite gumb Next.<br \/>\n2. Prikazuje se ekran Replication Eligibility. On prikazuje poslu\u017eitelje s kojih je mogu\u0107e\u00a0 replicirati mapu. Kliknite gumb Next.<br \/>\n3. Prikazuje se ekran <strong>Primary member.<\/strong> Iz izbornika odaberite <strong>SERVER1<\/strong> i kliknite gumb Next.<br \/>\n4. Prikazuje se ekran <strong>Topology Selection<\/strong>. Odaberite stavku <strong>Full Mesh<\/strong> i kliknite gumb Next.<br \/>\nNaglasimo da je Hub-spoke topologija nedostupna jer zahtijeva najmanje tri poslu\u017eitelja.<br \/>\n5. Prikazuje se ekran <strong>Replication Group Schedule<\/strong> and Bandwith. Ostavite predefinirane opcije i<br \/>\nkliknite gumb Next.<br \/>\n6. Prikazuje se sa\u017eetak odabranih opcija. Kliknite gumb Create.<br \/>\n7. Pri\u010dekajte dok se replikacijska topologija ne uspostavi. Mo\u017eebitne pogre\u0161ke pri izradi topologije prikazuju se na kartici Errors.<br \/>\n8. Kliknite gumb Close.<br \/>\n9. Prikazuje se informacija o mogu\u0107em ka\u0161njenju replikacije. Ozna\u010dite opciju Do not show this again i kliknite gumb OK.<br \/>\n10. Minimizirajte DFS Management konzolu.<\/li>\n<\/ul>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>http:\/\/blog.ittoby.com\/2013\/06\/windows-2012-nap-nps-with-dhcp.html https:\/\/mizitechinfo.wordpress.com\/2013\/08\/21\/step-by-step-deploy-dfs-in-windows-server-2012-r2\/ https:\/\/technet.microsoft.com\/en-us\/library\/cc772393%28v=ws.10%29.aspx CA uloga ad cs certification authority cert auth web enrollment online responder security client certificate mapping authentication iis slient certification mapping authentication &nbsp; Konfiguracija autoriteta configure active directory certificate services on the srv certification authority cert auth &hellip; <a href=\"http:\/\/darko-keric.from.hr\/?p=177\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":348,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0},"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/darko-keric.from.hr\/?p=177\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to DFS, CA, NAP DHCP - Sistemski in\u017eenjer\" \/>\n<meta property=\"og:description\" content=\"http:\/\/blog.ittoby.com\/2013\/06\/windows-2012-nap-nps-with-dhcp.html https:\/\/mizitechinfo.wordpress.com\/2013\/08\/21\/step-by-step-deploy-dfs-in-windows-server-2012-r2\/ https:\/\/technet.microsoft.com\/en-us\/library\/cc772393%28v=ws.10%29.aspx CA uloga ad cs certification authority cert auth web enrollment online responder security client certificate mapping authentication iis slient certification mapping authentication &nbsp; Konfiguracija autoriteta configure active directory certificate services on the srv certification authority cert auth &hellip; Continue reading &rarr;\" \/>\n<meta property=\"og:url\" content=\"http:\/\/darko-keric.from.hr\/?p=177\" \/>\n<meta property=\"og:site_name\" content=\"Sistemski in\u017eenjer\" \/>\n<meta property=\"article:published_time\" content=\"2015-07-13T09:05:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-07-13T13:54:12+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/c.s-microsoft.com\/en-us\/CMSImages\/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"darko-keric\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/darko-keric.from.hr\/#website\",\"url\":\"https:\/\/darko-keric.from.hr\/\",\"name\":\"Sistemski in\\u017eenjer\",\"description\":\"System administrator\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/darko-keric.from.hr\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"http:\/\/darko-keric.from.hr\/?p=177#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"http:\/\/c.s-microsoft.com\/en-us\/CMSImages\/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d\",\"contentUrl\":\"http:\/\/c.s-microsoft.com\/en-us\/CMSImages\/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d\"},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/darko-keric.from.hr\/?p=177#webpage\",\"url\":\"http:\/\/darko-keric.from.hr\/?p=177\",\"name\":\"How to DFS, CA, NAP DHCP - Sistemski in\\u017eenjer\",\"isPartOf\":{\"@id\":\"https:\/\/darko-keric.from.hr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/darko-keric.from.hr\/?p=177#primaryimage\"},\"datePublished\":\"2015-07-13T09:05:53+00:00\",\"dateModified\":\"2015-07-13T13:54:12+00:00\",\"author\":{\"@id\":\"https:\/\/darko-keric.from.hr\/#\/schema\/person\/5e2f76737b07a700e0e2a108d173e612\"},\"breadcrumb\":{\"@id\":\"http:\/\/darko-keric.from.hr\/?p=177#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/darko-keric.from.hr\/?p=177\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/darko-keric.from.hr\/?p=177#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/darko-keric.from.hr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to DFS, CA, NAP DHCP\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/darko-keric.from.hr\/#\/schema\/person\/5e2f76737b07a700e0e2a108d173e612\",\"name\":\"darko-keric\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/darko-keric.from.hr\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"http:\/\/0.gravatar.com\/avatar\/0400800f6ebec266fcb39a1cb31b0b0e?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/0.gravatar.com\/avatar\/0400800f6ebec266fcb39a1cb31b0b0e?s=96&d=mm&r=g\",\"caption\":\"darko-keric\"},\"url\":\"http:\/\/darko-keric.from.hr\/?author=348\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/darko-keric.from.hr\/?p=177","og_locale":"en_US","og_type":"article","og_title":"How to DFS, CA, NAP DHCP - Sistemski in\u017eenjer","og_description":"http:\/\/blog.ittoby.com\/2013\/06\/windows-2012-nap-nps-with-dhcp.html https:\/\/mizitechinfo.wordpress.com\/2013\/08\/21\/step-by-step-deploy-dfs-in-windows-server-2012-r2\/ https:\/\/technet.microsoft.com\/en-us\/library\/cc772393%28v=ws.10%29.aspx CA uloga ad cs certification authority cert auth web enrollment online responder security client certificate mapping authentication iis slient certification mapping authentication &nbsp; Konfiguracija autoriteta configure active directory certificate services on the srv certification authority cert auth &hellip; Continue reading &rarr;","og_url":"http:\/\/darko-keric.from.hr\/?p=177","og_site_name":"Sistemski in\u017eenjer","article_published_time":"2015-07-13T09:05:53+00:00","article_modified_time":"2015-07-13T13:54:12+00:00","og_image":[{"url":"http:\/\/c.s-microsoft.com\/en-us\/CMSImages\/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d"}],"twitter_card":"summary","twitter_misc":{"Written by":"darko-keric","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/darko-keric.from.hr\/#website","url":"https:\/\/darko-keric.from.hr\/","name":"Sistemski in\u017eenjer","description":"System administrator","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/darko-keric.from.hr\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"http:\/\/darko-keric.from.hr\/?p=177#primaryimage","inLanguage":"en-US","url":"http:\/\/c.s-microsoft.com\/en-us\/CMSImages\/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d","contentUrl":"http:\/\/c.s-microsoft.com\/en-us\/CMSImages\/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d"},{"@type":"WebPage","@id":"http:\/\/darko-keric.from.hr\/?p=177#webpage","url":"http:\/\/darko-keric.from.hr\/?p=177","name":"How to DFS, CA, NAP DHCP - Sistemski in\u017eenjer","isPartOf":{"@id":"https:\/\/darko-keric.from.hr\/#website"},"primaryImageOfPage":{"@id":"http:\/\/darko-keric.from.hr\/?p=177#primaryimage"},"datePublished":"2015-07-13T09:05:53+00:00","dateModified":"2015-07-13T13:54:12+00:00","author":{"@id":"https:\/\/darko-keric.from.hr\/#\/schema\/person\/5e2f76737b07a700e0e2a108d173e612"},"breadcrumb":{"@id":"http:\/\/darko-keric.from.hr\/?p=177#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/darko-keric.from.hr\/?p=177"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/darko-keric.from.hr\/?p=177#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/darko-keric.from.hr\/"},{"@type":"ListItem","position":2,"name":"How to DFS, CA, NAP DHCP"}]},{"@type":"Person","@id":"https:\/\/darko-keric.from.hr\/#\/schema\/person\/5e2f76737b07a700e0e2a108d173e612","name":"darko-keric","image":{"@type":"ImageObject","@id":"https:\/\/darko-keric.from.hr\/#personlogo","inLanguage":"en-US","url":"http:\/\/0.gravatar.com\/avatar\/0400800f6ebec266fcb39a1cb31b0b0e?s=96&d=mm&r=g","contentUrl":"http:\/\/0.gravatar.com\/avatar\/0400800f6ebec266fcb39a1cb31b0b0e?s=96&d=mm&r=g","caption":"darko-keric"},"url":"http:\/\/darko-keric.from.hr\/?author=348"}]}},"_links":{"self":[{"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=\/wp\/v2\/posts\/177"}],"collection":[{"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=\/wp\/v2\/users\/348"}],"replies":[{"embeddable":true,"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=177"}],"version-history":[{"count":16,"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=\/wp\/v2\/posts\/177\/revisions"}],"predecessor-version":[{"id":181,"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=\/wp\/v2\/posts\/177\/revisions\/181"}],"wp:attachment":[{"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=177"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darko-keric.from.hr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}