I recently implemented a new wireless system with APs that use WPA2 Enterprise Authentication via our local RADIUS server and local Certificate Authority. Currently everything works well from the users' end. They log in to their computer, select the correct SSID, and authenticate automatically. My problem is I need to limit this authentication to only devices on the domain. With the current configuration, anyone with network credentials can authenticate with any device. This is a major problem.
To me the obvious answer was to add the Windows group "Domain Computers" to the Network Policy. The moment I do this, users fail to authenticate with the below error.
My current connection request policy
Current Network Policy
If I remove the OR statement, and make this only Windows Group - Domain Computers, users will fail to authenticate.
Does anyone have an idea how I can fix this?