locked
NAP DHCP Allow and disallow by security group RRS feed

  • Question

  • Hi,

     

    I would like to enable NAP locally on the network so that if any machines that belong to a security group can gain full access using DHCP and then any other machines that are not part of that group get limited access. I am not concerned about any of the other criteria on the SHV.

     

    Can this be done??? Any help would be good!!!!

     

    Kev.

    Wednesday, April 7, 2010 3:44 PM

Answers

  • Hi,

    All you need to do is create two network policies. Create a security group condition in each policy (in NPS it is called a machine group) to match the group you want and then set the NAP enforcement setting to full or restricted access. This can only be done for computer groups, not user groups, and the computers must be members of the domain.

    -Greg

    Thursday, April 8, 2010 4:45 AM

All replies

  • Hi Kevina75

    As you descript I think only the NPS cannot achieve you goal, but you can refer to 802.1X Authenticated Wired Access

    http://technet.microsoft.com/en-us/library/cc753354(WS.10).aspx

    Hope that is help for

     

    Thursday, April 8, 2010 1:42 AM
  • Hi,

    All you need to do is create two network policies. Create a security group condition in each policy (in NPS it is called a machine group) to match the group you want and then set the NAP enforcement setting to full or restricted access. This can only be done for computer groups, not user groups, and the computers must be members of the domain.

    -Greg

    Thursday, April 8, 2010 4:45 AM
  • Greg thanks.

     

    I will try this once back to the site next week.

     

    Kev.

    Friday, April 9, 2010 12:30 PM