Configure Trusted Server Groups in Group Policy
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
To configure trusted server groups in Group Policy, configure a NAP client Group Policy object (GPO) and apply this GPO to a NAP client security group with security group filtering. For more information, see Configure NAP Client Security Groups and Configure NAP Enforcement Clients in Group Policy.
Membership in the local Domain Admins group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
Configure trusted server groups in Group Policy
Use the following procedure to deploy trusted server group settings to NAP client computers using Group Policy.
To configure a trusted server group
1. On a domain controller or member server with the Group Policy Management feature installed, click Start, click Run, type gpmc.msc, and then press ENTER.
2. In the Group Policy Management console tree, open Group Policy Objects, right-click the name of the GPO you want to edit, and then click Edit. The Group Policy Management Editor opens.
3. In the Group Policy Management Editor tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Network Access Protection\NAP Client Configuration\Health Registration Settings\Trusted Server Groups.
4. To add a trusted server group, right-click Trusted Server Groups, and then click New.
5. Under Group Name, type a name for the trusted server group (for example, Trusted HRA Servers), and then click Next.
6. Under Add URLs of the health registration authority that you want the client to trust, type the URL for each HRA that you will use to request health certificates on behalf of IPsec NAP client computers. If you do not use Secure Sockets Layer (SSL) for all HRAs in the group, clear the check box next to Require server verification (https:) for all servers in this group.
7. After you have added HRA servers to the list, click Finish.
8. In the Group Policy Management Editor tree, right-click NAP Client Configuration, and then click Apply.
9. Close the Group Policy Management Editor.
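
The following check is an added example, not part of the original procedure: after the GPO has been applied, it lists the HRA URLs a NAP client received and marks any that are not https:, which can only be present if Require server verification was cleared for the group. The function name Find-HraUrl, the host names, and the sample text are assumptions made for illustration.

```powershell
# Added example: audit HRA URLs delivered to a NAP client by Group Policy.
# Find-HraUrl is a hypothetical helper name; it is not a built-in cmdlet.
function Find-HraUrl {
    param([string[]]$Lines)

    foreach ($line in $Lines) {
        # Match the URL itself instead of netsh field labels, so the check
        # does not depend on the exact output layout or display language.
        foreach ($m in [regex]::Matches($line, '(?i)\bhttps?://[^\s"<>]+')) {
            $uri = $null
            if (-not [Uri]::TryCreate($m.Value, [UriKind]::Absolute, [ref]$uri)) {
                continue   # skip anything that is not a well-formed absolute URL
            }
            [pscustomobject]@{
                Url     = $uri.AbsoluteUri
                HraHost = $uri.Host
                Https   = ($uri.Scheme -eq 'https')   # False = no server verification
            }
        }
    }
}

# Constructed sample text standing in for client output. It was not captured
# from a real computer, and its labels are not claimed to match netsh exactly.
$sample = @(
    'Group = Trusted HRA Servers'
    ''
    'URL   = https://hra1.example.test/hra'
    'URL   = http://hra2.example.test/hra'
)

# On a NAP client computer, replace $sample with the live Group Policy view:
#   $lines = netsh nap client show grouppolicy
$results = Find-HraUrl -Lines $sample
$results | Format-Table -AutoSize

# Report HRAs that the client will contact without https: server verification.
$unverified = @($results | Where-Object { -not $_.Https })
if ($unverified.Count -gt 0) {
    Write-Warning ("{0} HRA URL(s) are not https: {1}" -f `
        $unverified.Count, ($unverified.Url -join ', '))
}
```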