Network Policy Server Granular Time Restrictions
I am configuring NPS as a RADIUS authentication source for my wireless clients.
I am trying to differentiate between school hours and after hours as I need to connect certain users to a different network for after hours access to extra resources.
I can setup day and time restrictions but with only to the hour precision. I require at worst 30 minute intervals with 15 minute intervals being ideal.
Does anyone know if this is possible with Microsoft's NPS?
Solution 1:
Yes it is possible.
Step to do:
- setup some example time restriction that GUI allows,
- dump the NPS config
with netsh:netsh nps export filename="path\file.xml" exportPSK=YES
with powershell:Export-NpsConfiguration -Path <filename>
- edit the XML file. These are the droids You are looking for (example):
<msNPConstraint xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">TIMEOFDAY("0 00:00-24:00; 1 00:00-02:00 03:00-24:00; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:00-24:00; 6 00:00-24:00")</msNPConstraint>
I removed 1 hour
look of denied is done:1 00:00-02:00 03:00-24:00
You can adjust to minutes in the XML not GUI. - restore the NPS config from the edited XML file.
netsh nps import filename="path\file.xml"
ps. In general - You can do a lot more in the XML even add things/attributes/rules that are not possible via GUI.
dump/restore reference: http://technet.microsoft.com/pl-pl/library/cc732059%28v=ws.10%29.aspx