Is it possible to set NAP Remediation actions for AD Computer and User Groups?

  • Question

    Can we set NAP Remediation policies for selected AD Computer OUs or User OUs? For example: forward the client to VLANx in case it is in User OU XXXX?

     

    Thanks and Kind Regards,

    Elif

    Wednesday, August 22, 2007 4:08 PM

Answers

  • Hi,

     

    Yes, you could do this by creating different network policies with conditions that match your AD groups, and then customize the settings to send computers or users that match the conditions to different VLANs.

     

    Keep in mind that policy matching will be affected by the 802.1X authentication mode. Read the following threads to understand a little more how this works, and how it is affected by the fast reconnect setting:

     

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1277019&SiteID=17

     

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=761315&SiteID=17

     

    In summary, I think that prior to a user logging on, the machine will execute a health check (assuming machine authentication is enabled and the machine is domain-joined). Then, user logon will trigger re-authentication. If the user matches a condition in one policy and the computer matches conditions in a different policy, conditions will be applied for the policy that is first in the order, and the other will be ignored. 

     

    -Greg

    Friday, August 24, 2007 4:05 PM
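
A simplified model of the ordering behaviour summarized in the answer above, added here as an example; it is not part of the original thread and is not NPS code. Policy names, group names and VLAN IDs are constructed, and the model assumes, as the answer's summary does, that the re-authentication at user logon is evaluated against both the computer's and the user's groups.

```python
# Simplified model of first-match network policy ordering. Not NPS code.
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class NetworkPolicy:
    name: str
    order: int                          # processing order; lowest is evaluated first
    vlan_id: str                        # constructed VLAN ID
    machine_group: Optional[str] = None
    user_group: Optional[str] = None

    def matches(self, machine_groups, user_groups):
        # Every condition configured on the policy must hold; none = catch-all.
        if self.machine_group and self.machine_group not in machine_groups:
            return False
        if self.user_group and self.user_group not in user_groups:
            return False
        return True

def evaluate(policies, machine_groups=(), user_groups=()):
    """Return (policy name, VLAN attributes) of the first matching policy, else None."""
    for p in sorted(policies, key=lambda p: p.order):
        if p.matches(set(machine_groups), set(user_groups)):
            # Standard RADIUS tunnel attributes used for VLAN assignment.
            return p.name, {"Tunnel-Type": "VLAN",
                            "Tunnel-Medium-Type": "802",
                            "Tunnel-Pvt-Group-ID": p.vlan_id}
    return None

def swap_order(policies, a, b):
    """Return a copy of the policy list with the order of policies a and b exchanged."""
    by_name = {p.name: p for p in policies}
    oa, ob = by_name[a].order, by_name[b].order
    return [replace(p, order=ob if p.name == a else oa if p.name == b else p.order)
            for p in policies]

# Constructed sample policies and group names.
POLICIES = [
    NetworkPolicy("Finance users", 1, "20", user_group="Finance-Users"),
    NetworkPolicy("Kiosk computers", 2, "30", machine_group="Kiosk-Computers"),
    NetworkPolicy("Restricted catch-all", 3, "99"),
]

if __name__ == "__main__":
    kiosk, finance = {"Kiosk-Computers"}, {"Finance-Users"}
    print("machine auth :", evaluate(POLICIES, machine_groups=kiosk))
    print("user re-auth :", evaluate(POLICIES, kiosk, finance))
    flipped = swap_order(POLICIES, "Finance users", "Kiosk computers")
    print("after reorder:", evaluate(flipped, kiosk, finance))
```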