This checklist provides the tasks required to deploy dial-up and virtual private network (VPN) servers with Network Policy Server (NPS).

Task Reference

Install and configure dial-up and VPN servers.

RADIUS Server for Dial-Up or VPN Connections and your hardware documentation

Determine the authentication method that you want to use.

RADIUS Server for Dial-Up or VPN Connections; Certificate Requirements for PEAP and EAP; and your hardware documentation

Autoenroll a server certificate to servers running NPS or, if you are using Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) only, purchase a server certificate.

Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication on the Microsoft Download Center at

If you are using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or PEAP-TLS without smart cards, autoenroll user certificates, computer certificates, or both user and computer certificates, to domain users and domain member client computers.

Deploy Client Computer Certificates and Deploy User Certificates

Configure dial-up and VPN servers as Remote Authentication Dial-In User Service (RADIUS) clients in NPS.

Add a New RADIUS Client and RADIUS Client

Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the VPN servers.

Create a Group for a Network Policy

In NPS, configure one or more network policies for dial-up and VPN servers.

Add a Network Policy; Create Policies for Dial-Up or VPN with a Wizard; and Network Policies