locked
How to prevent or block WORKGROUP users to acces the Domain network RRS feed

  • Question

  • Hello everybody

    I work as a helpdesk in an organization with up to 1200 users. recently the IT Management department decided to run Active Directory. We Joined almost all the users to the domain but some users have not joined their Computers to the domain yet. some of them resist from joining to the domain or some other excuses are the reasons that they ae not joined yet.

    our policy is to prevent the computers or users that are not joined to the domain to access the network.

    Our server is : Windows Server 2016

    So what are possible solutions to make it automatically?

    Is there any way to set a policy for DHCP to not to assign an IP address to these computers?

    in previous versions of windows the NAP service made this operation done. 

    I'm looking for a solution in server 2016.

    Thanks in advance

    Sincerely



    • Edited by Iliadmnd Sunday, August 11, 2019 7:24 AM
    Sunday, August 11, 2019 5:16 AM

All replies

  • Hi,

    you could autoenroll your domain workstations for client certificates then do NAP based on those certificates.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Sunday, August 11, 2019 8:02 AM
  • Hi,

    Thanks for posting in the forum.

    I recommend you create a new group and add your computers that joined the domain to this group. Then create a network policy with the condition machine group on your server 2016 NPS server.

    Hope it can help you.

    Best regards,

    Hollis


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 12, 2019 8:21 AM
  • Hi,

    Was your question resolved? Just want to confirm the current situations.

    Best regards,

    Hollis


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 14, 2019 5:48 AM
  • Hi,

    Was your question resolved?

    If you resolved it using our solution, please "mark it as answer" to help update this forum.

    If you resolve it using it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please tell us the current situation in order to provide further help.

    Best regards,

    Hollis


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 16, 2019 7:14 AM
  • Hi,

    As this thread has been quiet for a while, we will propose previous reply as answer. If you need further help, you can reply at any time, and you can also choose unmark the answer based on your actual situation.

    Thanks for your understanding and support.

    Best regards,

    Hollis


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 21, 2019 7:27 AM