Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Internet Authentication Service and Network Policy Server

Internet Authentication Service and Network Policy Server

Internet Authentication Service (IAS) was renamed Network Policy Server (NPS) starting with Windows Server 2008.

Internet Authentication Service

Internet Authentication Service is the Microsoft implementation of a RADIUS server and proxy.

Internet Authentication Service supports two API sets: Network Policy Server Extensions API and Server Data Objects API.

See TechNet: Internet Authentication Service for more information on IAS.

Network Policy Server

Network Policy Server is the Microsoft implementation of a RADIUS server and proxy and it is available on Windows servers starting with Windows Server 2008.

NPS supports the same two API sets as IAS: Network Policy Server Extensions API and Server Data Objects API.

In addition, NPS contains a set of new features that expand the IAS capabilities.

FeatureWhat's new for NPS

Network Access Protection (NAP)

NPS is the central server of Network Access Protection.

NPS supports policy authoring using the following additional conditions:

  • Policy expiration.
  • Operating system version.
  • Access client IP address.
  • Health policies.
  • Allowed EAP types.
  • HCAP.

NPS supports policy authoring using the following additional settings:

  • Probation.
  • Limited access.
  • Extended state for limited access.

NPS, through NAP, interoperates with CISCO NAC.

IAS does not support NAP.

EAP Policy and EAPHost Support

NPS uses EAPHost for EAP method extensibility. Additionally, administrators may configure network access policy for EAP.

IAS does not support EAPHost integration, or EAP type filter conditions for policies.

IPv6 Support

NPS supports deployment in IPv6 environments.

IAS does not support IPv6 network addresses.

XML Configuration

NPS configuration can be imported and exported in XML format.

IAS is using a Jet database for storing service configuration.

Common Criteria Support

NPS has been updated to support its deployment in environments that must meet the Common Criteria security standards.

NPS Extensions API

The NPS extension DLLs run in a separate process from the NPS service. Should an extension DLL crash, NPS will keep running and future requests will be rejected.

The IAS extension DLLs run in the same process as the IAS service and may adversely affect the service.

Management User Interface

The NPS management console (nps.msc) has a new look, improved usability, and covers all the new functionality added to NPS.

IAS uses the ias.msc management console.

Role Management Tool and Server Manager Integration

NPS is integrated with the Server Manager and the Role Management Tool. This integration facilitates the configuration and management of NPS and related scenarios.

Server Manager is not available on computers running IAS.

Updated Command Line Scripting with Netsh

NPS supports the "Netsh nps" command line interface. "Netsh nps" contains new commands that permit to fully configure NPS, including NAP features.

IAS supports the "Netsh aaaa" command line interface.

Policy Isolation

NPS enables the implementation of policy isolation by setting the Network Policy Source. Policies can be configured that are applicable only to a predetermined NAS type.

IAS does not support policy isolation.

 

See TechNet: Network Policy Server for more information on NPS.

Related topics

RADIUS Authentication, Authorization, and Accounting
Logging With Network Policy Server
Working with a State Server

 

 

Show:
© 2015 Microsoft