1 00:00:02,640 --> 00:00:04,770 Now, there's a couple of different ways to do this.
2 00:00:04,770 --> 00:00:07,820 First, you can do this through the graphical user interface,
3 00:00:07,820 --> 00:00:09,110 G-U-I, their GUI,
4 00:00:09,110 --> 00:00:14,440 or you can do this at the PowerShell at the command line using PowerShell.
5 00:00:14,440 --> 00:00:18,170 I'm going to do this using PowerShell because it is really, really simple.
6 00:00:18,170 --> 00:00:21,910 It is literally just one line, and it installs the role, and you're good to go.
7 00:00:21,910 --> 00:00:24,860 If you like to point, click, and shift through GUIs,
8 00:00:24,860 --> 00:00:30,340 knock yourself out, but it is really, really simple to do using PowerShell.
9 00:00:30,340 --> 00:00:33,840 The command that you will run is Install WindowsFeature,
10 00:00:33,840 --> 00:00:38,520 or Install-WindowsFeature.
11 00:00:38,520 --> 00:00:40,170 The role is called npas.
12 00:00:40,170 --> 00:00:47,090 And then we'll also use the -IncludeManagementTools parameter
13 00:00:47,090 --> 00:00:54,440 to obviously include our management tools.
14 00:00:54,440 --> 00:01:00,740 Hit Enter, and you're off to the races.
15 00:01:00,740 --> 00:01:04,480 Now through the magic of video editing, I sped that process up a little bit,
16 00:01:04,480 --> 00:01:07,020 but it doesn't really take long, probably less than a minute,
17 00:01:07,020 --> 00:01:09,780 20 or 30 seconds sometimes depending on the resources.
18 00:01:09,780 --> 00:01:12,980 But ultimately, we have our role installed.
19 00:01:12,980 --> 00:01:15,800 So let's open the Network Policy and Access Management console.
20 00:01:15,800 --> 00:01:21,620 And we can actually do that right from here by just typing in nps.msc.
21 00:01:21,620 --> 00:01:30,840 But just so that everybody knows, if you click on the Start menu,
22 00:01:30,840 --> 00:01:33,660 you will also find it here in the administrative tools.
23 00:01:33,660 --> 00:01:38,480 And probably not a bad idea to pin that to the task bar,
24 00:01:38,480 --> 00:01:43,640 so I'm going to do that now.
25 00:01:43,640 --> 00:01:44,080 All right,
26 00:01:44,080 --> 00:01:47,900 so let's prepare our NPS server. And before we start
27 00:01:47,900 --> 00:01:50,160 creating the actual policies themselves,
28 00:01:50,160 --> 00:01:54,370 we first have to tell RADIUS, or NPS, to accept
29 00:01:54,370 --> 00:01:57,190 authentication requests from our VPN server.
30 00:01:57,190 --> 00:01:57,740 And to do that,
31 00:01:57,740 --> 00:02:02,100 we're going to expand the RADIUS Clients and Servers, and then we're
32 00:02:02,100 --> 00:02:06,810 going to right-click RADIUS Clients and choose New. And then we'll give
33 00:02:06,810 --> 00:02:09,990 this a friendly name, and I'm just going to use the server's name, but
34 00:02:09,990 --> 00:02:14,740 you can use whatever you like here.
35 00:02:14,740 --> 00:02:18,340 And in this field, you can put in the IP address or the DNS name.
36 00:02:18,340 --> 00:02:21,730 If you're going to use the DNS name, I suggest using the FQDN.
37 00:02:21,730 --> 00:02:31,840 I'm just going to use the server's IPv4 address though.
38 00:02:31,840 --> 00:02:34,630 And the next thing we need to do is define a shared secret.
39 00:02:34,630 --> 00:02:37,650 So there's a shared secret, or password if you will,
40 00:02:37,650 --> 00:02:42,820 that's going to be used by the VPN server to tell the RADIUS server, hey,
41 00:02:42,820 --> 00:02:45,510 I'm an authorized client. You know me. You can
42 00:02:45,510 --> 00:02:47,650 accept my authentication requests.
43 00:02:47,650 --> 00:02:50,440 You can define your own password here.
44 00:02:50,440 --> 00:02:53,040 I prefer just to select the Generate button,
45 00:02:53,040 --> 00:02:56,820 click Generate, and have it create a really stupidly
46 00:02:56,820 --> 00:03:00,010 complex password for me. Choice is up to you.
47 00:03:00,010 --> 00:03:01,600 If you're going to go this route,
48 00:03:01,600 --> 00:03:04,360 go ahead and copy this and save this off to a file
49 00:03:04,360 --> 00:03:10,000 because we're going to need it later. When we configure the VPN server