Network Policy Server Granular Time Restrictions

I am configuring NPS as a RADIUS authentication source for my wireless clients.

I am trying to differentiate between school hours and after hours as I need to connect certain users to a different network for after hours access to extra resources.

I can setup day and time restrictions but with only to the hour precision. I require at worst 30 minute intervals with 15 minute intervals being ideal.

Does anyone know if this is possible with Microsoft's NPS?


Solution 1:

Yes it is possible.

Step to do:

  1. setup some example time restriction that GUI allows,
  2. dump the NPS config
    with netsh:
    netsh nps export filename="path\file.xml" exportPSK=YES
    with powershell:
    Export-NpsConfiguration -Path <filename>
  3. edit the XML file. These are the droids You are looking for (example): <msNPConstraint xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">TIMEOFDAY("0 00:00-24:00; 1 00:00-02:00 03:00-24:00; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:00-24:00; 6 00:00-24:00")</msNPConstraint>
    I removed 1 hour removed 1 hour for example to show xml effect
    look of denied is done: 1 00:00-02:00 03:00-24:00
    You can adjust to minutes in the XML not GUI.
  4. restore the NPS config from the edited XML file.
    netsh nps import filename="path\file.xml"

ps. In general - You can do a lot more in the XML even add things/attributes/rules that are not possible via GUI.

dump/restore reference: http://technet.microsoft.com/pl-pl/library/cc732059%28v=ws.10%29.aspx