NPS: Restrict a user to login only on specific computers

  • Question

  • Hello,

    I want to restrict users on the wireless LAN so that they can only connect to it with a specific computer account. I found the following answer in this forum:

    https://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/dd7924dc-b1d5-4863-98e0-d9fbe6cc5455/

    It explains how to create multiple policies:

    Policy 1 Allow Access: Condition1: User123 Condition2: ComputerABC

    Policy 2 Allow Access: Condition1: User123 Condition2: ComputerXYZ

    Policy 3: Deny Access: Condition1: User123

    But in network access policy I can only specify user or computer groups but no specific users or computers.

    Where can I configure the specific users and computers?

    Regards,

    Tobias

    Monday, April 23, 2012 12:36 PM

All replies

  • Hi Tobias,

    Thanks for posting here.

    Create a user/computer group containing the individual user or computer we want in it.

    Use Security Groups for 802.1X Authenticated Wireless Access

    http://technet.microsoft.com/en-us/library/dd282989(WS.10).aspx

    Thanks.

    Tiger Li

    TechNet Community Support

    Tuesday, April 24, 2012 5:51 AM
  • Hello Tiger,

    Thanks for your reply. So for each wireless user and for each computer account I want to use WLAN with, I need another group?! That's a bit oversized. It would be better to select a specific user/computer account within an access policy.

    Also for me it is not clear where NPS gets the information on which computer the user is trying to connect to the wlan? I think this depends on which information the WLAN AP/controller maps to the RADIUS attribute "User-Name". For EAP-TLS this would be the common name. Or does NPS correlate information from other RADIUS attributes in the Access-Request packet like "Calling-Station-ID"?

    Regards,

    Tobias
    Tuesday, April 24, 2012 7:29 AM
  • Hi Tobias,


    Thanks for update.

    I am afraid that we can only specify user/computer groups instead of a specific user or computer object in a network policy condition.

    > Also for me it is not clear where NPS gets the information on which computer the user is trying to connect to the wlan

    We can read that from the links below:

    NPS Processes and Interactions

    http://technet.microsoft.com/en-us/library/dd197567(WS.10).aspx

    How Network Policy Server Works

    http://technet.microsoft.com/en-us/library/dd197603(WS.10).aspx

    Thanks.

    Tiger Li

    TechNet Community Support

    Thursday, April 26, 2012 6:05 AM