NPS - MAC Address Filtering for Wireless Devices not in Security Group


  • Hi All

    I have 2 wireless networks for my company:

    Guest – non employees use this and is secured by WPA2 shared key. This network has no access to company resources and just has internet access

    User – for employees. This network is secured via WPA2 Enterprise with an NPS server and a network policy further filtering by Windows AD sec group (users and computers). This all works nicely. 

    I don’t currently have anything in place to filter out non work provided equipment on the user network so in theory anyone could join the user network which has access to all company IT resources. Far from ideal. 

    I want to implement some form of MAC filtering at the NPS server. Company provided laptops don’t need MAC filtering as they are trusted by default (they are in the sec group). But non work devices (laptops/iphone etc) would need to be mac address filtered. 

    Does anyone have an suggestions on how can I achieve this? My server environment in 2012R2 and my work provided endpoints are Windows 10 Pro or I devices


    Friday, June 8, 2018 1:10 PM

All replies