Allow only domain Computers to connect to WPA-2 Enterprise

  • Question

  • Hi,

    I have set up a WPA-2 Enterprise SSID, I also created an NPS Policy that has conditions of:

    MachineGroup : Local\Domain Computers

    Call Station ID: myenterprisewireless$

    NAS Port Type: Wireless or other non wireless IEEE 802.1x

    I want to restrict it so that only Domain computers can connect (I have a GPO that does this automatically). However, when testing on a non-domain device, I am still able to put in my username and password and connect. Is there anything I can do so that if you are not on a domain device and put in your user credentials it will not allow you to connect?

    Thanks,

    Chris


    • Edited by Wozer03 Tuesday, December 19, 2017 1:15 PM
    Monday, December 18, 2017 9:35 PM

All replies

  • Hi,

    Please check if the following link is helpful:

    Domain wifi authentication with PEAP 

    https://community.spiceworks.com/topic/408957-domain-wifi-authentication-with-peap

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Configure Wireless Clients running Windows 7 and Windows Vista for PEAP-MS-CHAP v2 Authentication

    https://technet.microsoft.com/en-us/library/dd759176.aspx?f=255&MSPPError=-2147217396

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 19, 2017 7:46 AM
  • Candy,

    Thanks for the links. With the first one, I already have everything set up and am able to connect to the WiFi without any issues; I just want to deny anyone logging in with credentials.

    With the second link, I set that all up in the GPO and my domain computers will auto connect to the wifi network. However, I can also still log into the network on my phone with my domain credentials, which I want to stop from happening.

    Chris

    Tuesday, December 19, 2017 1:19 PM
  • Candy,

    An extra update, it seems my policies are working. Just Chrome devices are ignoring the setting and connecting anyways.

    • Marked as answer by Wozer03 Wednesday, December 20, 2017 1:20 PM
    Tuesday, December 19, 2017 4:57 PM
  • Another update,

    I created a policy that denies authentication if it's a Domain User and allows if it is a Domain Computer.

    This fixed the issue!

    Tuesday, December 19, 2017 6:02 PM
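
    One way to check that the deny-user / allow-computer policy described above is holding, as an added example that is not part of the thread: it scans RADIUS authentication records for requests that were granted on the SSID while presenting a user identity rather than a computer account. The record field names, the sample records, and the `MAC:SSID` form of the Called-Station-Id are assumptions constructed for illustration; the SSID pattern is the one from the question.

```python
import re

# Pattern from the question's Called Station ID condition: SSID at the end.
SSID_PATTERN = re.compile(r"myenterprisewireless$")


def classify_identity(name):
    """Return 'machine' for computer-account identities, otherwise 'user'.

    Assumption: machine authentication presents either host/<fqdn> or a
    SAM account name ending in '$' (DOMAIN\\PC01$ or PC01$@domain).
    This is a name-based heuristic, not a group-membership lookup.
    """
    n = name.strip().lower()
    if n.startswith("host/"):
        return "machine"
    sam = n.split("\\")[-1].split("@")[0]
    return "machine" if sam.endswith("$") else "user"


def user_grants_on_ssid(records, pattern=SSID_PATTERN):
    """Return granted requests on the SSID that authenticated as a user."""
    hits = []
    for r in records:
        if r["result"] != "granted":
            continue  # denied requests are the desired outcome
        if not pattern.search(r["called_station_id"]):
            continue  # different SSID, outside this policy's scope
        if classify_identity(r["account"]) == "user":
            hits.append(r)
    return hits


# Constructed sample records (not real log data); field names are hypothetical.
AP = "00-11-22-33-44-55:"
SAMPLE = [
    {"account": "host/PC01.corp.example", "called_station_id": AP + "myenterprisewireless", "result": "granted"},
    {"account": "CORP\\PC02$", "called_station_id": AP + "myenterprisewireless", "result": "granted"},
    {"account": "CORP\\jdoe", "called_station_id": AP + "myenterprisewireless", "result": "granted"},
    {"account": "CORP\\jdoe", "called_station_id": AP + "myenterprisewireless", "result": "denied"},
    {"account": "CORP\\jdoe", "called_station_id": AP + "otherssid", "result": "granted"},
]

if __name__ == "__main__":
    for r in user_grants_on_ssid(SAMPLE):
        print("user credential accepted:", r["account"], r["called_station_id"])
```

    An empty result after the policy change means no user-credential logons are being accepted on that SSID; any hit points to a policy that still matches user accounts.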
  • Hi,

    I am glad to hear that your issue was successfully resolved. If there is anything else we can do for you, please feel free to post in the forum.

    In addition, you could mark the useful reply as answer to help other community members find the helpful reply quickly.

    Best Regards,

    Candy



    Wednesday, December 20, 2017 2:02 AM