locked
How to configure Net Authentication with Active Directory RRS feed

  • Question

  • Dear Team

    I want to that, 

    Unknown device will not get internet if it has WiFi connect users without logging in to Active Directory. 

    Those who have Active Directory connect AD users will only get internet.

    Please advice and share Microsoft document and authentication diagram.

    Thanks

     


    Thursday, July 16, 2020 1:51 PM

Answers

All replies

  • Hi,

    I found some different ways of block Internet access for non-AD domain users, please reference:

    https://www.gypthecat.com/how-to-block-internet-access-with-group-policy

    https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/45663/block-internet-access-for-non-ad-domain-users

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    This "Network Access Protection" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best regards

    Cherry


    "Network Access Protection" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Network Access Protection"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.



    Friday, July 17, 2020 6:50 AM
  • Dear Cherry

    Thanks for Reply and advice

    Exactly i want to bellow the instruction:

    1. Only those who are connected to Active Directory will get internet access, internet applicable for active directory users.

    2.  No active directory login, has connect in Wi-Fi, If he connect to Wi-Fi but he will not get internet access, but device not connect in AD server. 

    3. must device have to connect in Active Directory then will get the internet access. Otherwise he will not get the internet access.

    Please advice and share Microsoft configuration document and authentication process diagram.

    Thanks

    Friday, July 17, 2020 4:10 PM
  • Hi,

    Using Group Policy Editor, to create new group and apply the policy.
    1. Create a new policy in GPMC by right-clicking your domain and pressing New. Name the policy No Internet. Or Press windows + R, the run windows will show, type in gpedit.msc
    2. Right-click No Internet and press Enforced to check it.
    3. Select No Internet in the left-hand pane, select Authenticated Users under Security Filtering and press Remove, and OK to prevent the policy from applying.
    4. Using Group Policy to implement Internet Explorer settings, navigate to User Configuration / Windows Settings / Internet Explorer Maintenance in the No Internet policy.
    5. Right-click Internet Explorer Maintenance and press Preference Mode. NOTE: If a policy is already defined, you must press Reset Browser Settings, which will reset any Internet Explorer Maintenance Group Policy, before you press Preference Mode.
    6. Navigate through Connections and double-click Proxy Settings (Preference Mode).
    7. Check Enable proxy Settings, Use the same proxy server for all addresses, and Do not use proxy server for local (intranet) addresses.
    8. Type 127.0.0.1 into Address of proxy and 80 into Port.
    9. Press OK.
    10. Close the No Internet group Policy.
    NOTE: To prevent a user from changing their proxy settings, implement Disable changing proxy settings or Disable the Connections page in the No Internet policy.

    To prevent a user from accessing the internet.
    1. Select the No Internet group Policy under your domain and press Add under Security Filtering.
    2. Use the Advanced dialog to locate and select the user, pressing OK.
    3. Press OK.
    4. If the user is logged on, force the policy to update.

    This "Network Access Protection" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Best regards

    Cherry


    "Network Access Protection" forum will be migrating to a new home on Microsoft Q&A!

    We invite you to post new questions in the "Network Access Protection"  forum's new home on Microsoft Q&A!

    For more information, please refer to the sticky post.


    Monday, July 20, 2020 7:52 AM
  • Dear Cherry

    A Lot of Thanks for Advice

    Do i understand you? I wish that all users who have Active Directory connected will only get internet.

    Those who are not connected to Active Directory but wireless user will not get internet.

    Tuesday, July 21, 2020 5:39 PM