locked
Why non NAP-capable network policy must be enabled to process group policy? RRS feed

  • Question

  • The issue is that I must have this default network policy  for wired networks enabled in my NPS if I want Windows PCs connected before logging on to domain with user´s credentials.

    But, what really puzzles me is the fact that the policy (non NAP...) isn´t checked. When its enabled, the first policy, compliant policy, is advertised and is the one that lets the computer connect to the net with its account (computer account).

    OS: Windows Server 2008 R2

    Compliant conditions: Healt Policy Compliant; Machine Groups domain\domain computers.

    Non NAP-capable conditions: non NAP-capable; NAS port type Ethernet.


    Thanks in advance.

    Monday, April 29, 2013 6:45 PM

Answers

  • Hi,

    When connecting with 802.1X, two authentication attempts are made by default. The first is a computer authentication and the second is a user authentication. If the NAP agent service is not started yet when the first authentication happens, the computer will appear non NAP-capable. You can make the wired autoconfig service dependent on NAP agent to fix this.

    See http://technet.microsoft.com/en-us/library/dd348450.aspx

    Thanks,

    -Greg

    • Proposed as answer by Jeremy_Wu Thursday, May 2, 2013 6:27 AM
    • Marked as answer by Andrés Pulido Friday, May 3, 2013 6:12 PM
    Wednesday, May 1, 2013 5:20 PM

All replies