Block Non-Domain Devices from Wireless

  • Question

  • Hello. I've been searching for a solution for this problem for days now and I'm not getting anywhere. Several others have run into this issue but I never see a final solution.

    I have a wireless network which I want limited to domain computers only. I don't want personal devices connecting to it. Currently I have a policy in NPS that has a condition to allow users from my wireless security group which I added as a Windows Group. I have rolled out the wireless network settings via GPO to all domain computers. This works great. However, users are able to connect from their non-domain devices using their credentials, which I want to prevent from happening.

    I have tried adding Domain Computers in the conditions as a Windows Group and Machine Group, neither helps. In fact it blocks all devices from connecting period.

    I have also tried changing the authentication mode on my wireless setting on the client side to "computer authentication" and "user or computer authentication". That change didn't help either.

    I'm using PEAP. Windows 2008R2. Any help will be appreciated. Thanks.


    Asif Shah

    Monday, December 15, 2014 6:46 PM

All replies

  • Hi Asif Shah,

    When it blocked all devices from connecting period, which events were logged in event viewer?

    When we add only Domain Computers in the conditions as a Machine Group, please try to change the authentication mode in wireless client to computer authentication at the same time.

    In addition, please have a look at this previous thread; Elke's reply gave a lot of useful information about this issue.

    https://social.technet.microsoft.com/Forums/en-US/579b6cdd-abbe-4253-9193-555daacdf476/nps-policy-802x-and-domain-userscomputersgroup?forum=winserverN

    Best Regards,

    Tina


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by hannsg Friday, December 19, 2014 2:19 PM
    Tuesday, December 16, 2014 10:00 AM
    Moderator
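
The client-side half of the suggestion above (authentication mode set to computer authentication) can be confirmed by reading the `authMode` element of a WLAN profile. The PowerShell below is an added example, not part of the thread; the function name `Get-WlanAuthMode` and the two sample profiles are constructed for illustration.

```powershell
# Added example: report the 802.1X authMode stored in WLAN profile XML.
# Get-WlanAuthMode and the "CorpWiFi"/"CorpWiFi-Old" profiles are constructed.
function Get-WlanAuthMode {
    param([Parameter(Mandatory)][xml]$ProfileXml)

    $ns = New-Object System.Xml.XmlNamespaceManager($ProfileXml.NameTable)
    $ns.AddNamespace('w', 'http://www.microsoft.com/networking/WLAN/profile/v1')
    $ns.AddNamespace('x', 'http://www.microsoft.com/networking/OneX/v1')

    $name = $ProfileXml.SelectSingleNode('/w:WLANProfile/w:name', $ns)
    $mode = $ProfileXml.SelectSingleNode('//x:OneX/x:authMode', $ns)

    # A profile without an explicit authMode is reported as "(not set)" and flagged,
    # because only "machine" restricts the client to computer credentials.
    $value = if ($mode) { $mode.InnerText.Trim() } else { '(not set)' }
    [pscustomobject]@{
        Profile     = if ($name) { $name.InnerText } else { '(unnamed)' }
        AuthMode    = $value
        MachineOnly = ($value -eq 'machine')
    }
}

# Constructed sample input, trimmed to the elements the check reads.
$template = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{0}</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>{1}</authMode></OneX>
  </security></MSM>
</WLANProfile>
'@

$samples = @(
    ($template -f 'CorpWiFi', 'machine'),           # computer authentication only
    ($template -f 'CorpWiFi-Old', 'machineOrUser')  # user credentials still offered
)
$samples | ForEach-Object { Get-WlanAuthMode -ProfileXml ([xml]$_) } | Format-Table -AutoSize

# Real profiles: run "netsh wlan export profile folder=C:\Temp" on the client,
# then pass ([xml](Get-Content $file -Raw)) for each exported file.
```
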
  • Tina,

    Thank you for the suggestion. That worked. So looks like having a Windows group with users is not needed if you want to limit the connection to just domain computers.


    Asif Shah

    Thursday, December 18, 2014 2:45 PM
  • Hi Asif Shah,

    Thank you for the update. I’m glad to hear that the issue was solved.

    Best Regards,

    Tina



    Monday, December 22, 2014 3:19 AM
    Moderator
  • Is there a way that we can validate user authentication and the hostname of the certificate and, if they do not match, push to guest SSID redirection?
    Sunday, May 26, 2019 11:29 AM