Network Access Protection

Windows 2008 Server has Network Access Protection, which is also known as NAP or NPS. It is an administrative tool that helps organizations compare the security level of a computer on the network against the Server 2008 policies. The comparison helps determine whether the computer is safe enough to join and use the server. In other words, it checks whether the computer's 'health' is adequate as far as policy is concerned; NAP can also analyze both the anti-virus program and whether the firewall is installed. In an upcoming series, Windows 2008 Server will be reviewed.

Information on NAP from TechNet

Microsoft’s Deployment Guide


View Open Files on Server 2008

Before rebooting a server, you should see who has open files so you won’t corrupt data or knock a user offline.

Server 2008 has moved where you can view these.

To see the open files, right-click Computer and select Manage. Click Roles – File Services – Share and Storage Management. Choose Action and then Manage Open Files.
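
The same check can be scripted from the command line. The following is an added example, not part of the original post: it runs the built-in `openfiles.exe` tool and groups the files opened through shares by user, so you know whom to contact before a reboot. The `$Server` parameter name and the column order of the CSV output are assumptions.

```powershell
# Added example (not from the original page): pre-reboot open-file check.
# Run from an elevated prompt. $Server is a hypothetical parameter name.
param([string]$Server)

$queryArgs = @('/query', '/fo', 'csv', '/nh')      # CSV rows, no header line
if ($Server) { $queryArgs += @('/s', $Server) }    # optional remote file server

$raw = & openfiles.exe $queryArgs 2>$null
if ($LASTEXITCODE -ne 0) {
    Write-Error "openfiles.exe failed with exit code $LASTEXITCODE (is the prompt elevated?)"
    exit 2
}

# Data rows start with a quote; INFO and banner lines do not.
# Assumed column order of the non-verbose output: ID, Accessed By, Type, Open File.
$rows = @($raw | Where-Object { $_ -match '^"' } |
    ConvertFrom-Csv -Header 'Id', 'AccessedBy', 'Type', 'Path')

if ($rows.Count -eq 0) {
    Write-Output 'No files are open through shares.'
    exit 0
}

# List each user with the files they still hold open, busiest user first.
foreach ($group in ($rows | Group-Object AccessedBy | Sort-Object Count -Descending)) {
    Write-Output ("{0}: {1} open file(s)" -f $group.Name, $group.Count)
    foreach ($row in $group.Group) { Write-Output ("    " + $row.Path) }
}
Write-Warning ("{0} file(s) still open. Contact these users before rebooting." -f $rows.Count)
exit 1
```

The non-zero exit code when files are open lets a scheduled maintenance script stop before it reaches the reboot step.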


How to increase Active Directory Speed

Active Directory is one of the most widely used models to push policies and to secure your enterprise.

Many IT personnel complain of degrading performance after a period of time.   Although Windows tries to keep Active Directory defragged, the Active Directory database can begin to grow even when you delete users and adjust it.  More on this later….

  • Memory (Always use 64-bit Windows – Migrate to Server 2008 R2) – use 8 GB or more when possible
  • Memory Speed – Look for HyperX and other high quality memory
  • Motherboard Choice – FSB, chipset, ports, controllers (Motherboard selection should come after CPU)
  • Processor – select multi-core/multi-CPU
  • Power – We live in a ‘Green’ world but don’t rob your system of power
  • Hard Disks – Use SATA 6.0 for small / medium enterprises and SCSI for large enterprises
    - Put your OS on one drive, Active Directory on a second drive
  • Defrag Active Directory (2008)

So how do you defrag Active Directory?


Slow Network?

Do you have a computer that responds slowly on the network or hesitates? Follow these steps and you will see a significant difference. (Because we have not shown how to disable advanced settings in your network card: simply go to your Device Manager and double-click on your network card, then disable TCP offload and any advanced settings such as proxy and other settings that may make the card hesitate.)

  1. Remove any add-ins on your Browsers that you don’t need
  2. Remove Toolbars
  3. Adjust your MTU Settings
  4. Adjust your Network Speed
  5. Disable LLMNR
  6. Disable all advanced settings on your card
Advanced settings example

Two-step authentication verifies user logins for your computer

PhoneFactor offers two-step authentication when logging on to your computer. This helps to verify user logins for a workstation or server.

How does it work?

Enter your username and password into your computer. PhoneFactor then calls you. Press # or enter a PIN number, or PhoneFactor can send you a text message containing a one-time passcode, to which you reply with your password or PIN.

A third factor of authentication allows you to speak a short passphrase into your phone during the authentication process.

PhoneFactor is free.  Other packages are available for medium and large organizations.