Network Policy server question

  • Question

  • We currently have an internal wifi for our notebooks to use. We are currently going to set up a public wifi and we need to block our existing work notebooks from connecting to it. We currently use a network policy server to control our existing internal wifi as we use certificates. If you do not have the certificate based on the RADIUS policy, your notebook will not connect to the internal wifi.

    For the public wifi, we would like to create a rule that says if your PC is joined to the domain, deny access, but if your PC is not joined to a domain, such as a personal computer, you may join the public wifi.

    If this can be accomplished, what is the best way to set this up?

    • Moved by Amy Wang_ Wednesday, June 22, 2016 2:29 AM NAP related from DS forum
    Tuesday, June 21, 2016 11:06 AM


  • Hi bubba1984,

    According to your description, I think you need to add "Called Station ID" in the NPS policy to meet your requirements.

    For example, your internal WIFI AP's SSID is "Internal-wifi", your public WIFI AP's SSID is "Public-wifi", and we use the NPS server to authenticate for these APs.

    On the NPS server, we need to create two policies, one for internal authentication (PolicyI), another for public authentication (PolicyP).

    On policyI>condition, add "Called Station ID", enter the SSID of the internal AP, add user groups (your domain user group), and on constraints, configure the authentication method you want and other settings;

    On policy>condition, add "Called Station ID", enter the SSID of the public AP, and configure other settings you want.

    Then enable your internal users to use the internal AP to connect to wifi, and public users to use the public AP to connect to wifi.

    Best Regards,


    Wednesday, June 22, 2016 2:54 AM
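
The two-policy layout from the reply above, as an added example that is not part of the original thread and is not NPS code: a simplified Python model of ordered, first-match policy evaluation keyed on Called-Station-Id. The group name, AP MAC address and helper names are hypothetical, and the requests are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    ssid_pattern: str                  # regex run against Called-Station-Id
    groups: frozenset = frozenset()    # empty set = no group condition

    def matches(self, request):
        csid = request.get("Called-Station-Id", "")
        if not re.search(self.ssid_pattern, csid):
            return False
        # With a group condition, the requester must be in at least one group.
        return not self.groups or bool(self.groups & set(request["groups"]))

def evaluate(policies, request):
    """Return (policy name, result); the first matching policy decides."""
    for policy in policies:
        if policy.matches(request):
            return policy.name, "Access-Accept"
    return None, "Access-Reject"       # no policy matched the request

# SSIDs and policy names come from the reply; the group name is hypothetical.
DOMAIN_USERS = "EXAMPLE\\Domain Users"
POLICIES = [
    Policy("PolicyI", r":Internal-wifi$", frozenset({DOMAIN_USERS})),
    Policy("PolicyP", r":Public-wifi$"),
]

def req(ssid, *groups):
    """Constructed request; RFC 3580 APs send "<AP MAC>:<SSID>"."""
    return {"Called-Station-Id": f"00-11-22-33-44-55:{ssid}", "groups": groups}

if __name__ == "__main__":
    samples = [
        req("Internal-wifi", DOMAIN_USERS),  # matches PolicyI
        req("Internal-wifi"),                # no group, so no policy matches
        req("Public-wifi"),                  # matches PolicyP
        req("Public-wifi", DOMAIN_USERS),    # PolicyP has no client condition
        req("Public-wifi-staff"),            # anchored pattern does not match
    ]
    for sample in samples:
        print(sample["Called-Station-Id"], sample["groups"],
              evaluate(POLICIES, sample))
```

The fourth sample shows that a policy conditioned only on the public SSID matches every request arriving on that SSID, and the fifth shows why the pattern is anchored with `:` and `$` rather than matching the SSID as a substring.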