Ok here is the scenario
i have Domain PCs ( which manged by IT )
some work group Laptops which is not manged by IT.
some Linux and SmartPhones which need full access all the time which must use DHCP
i want to configure NAP to control the Access to my network ( must have AV and Update auto ) for domain PCs and work-group laptops only , and exclude the Linux and the smartphones from NAP.
i already used GPO to enforce DHCP in the Domain PCs and it works fine.it seems easy using NON-Capable policy but as i said i dont have access to the work group laptops so i will force the NON-Capable policy to deny access , so they apply with my security policy . and now i cant use the NON-Capable policy with the linux and smartphone as i were willing .
also i cant add new DHCP scope with reserved IPs for the linux or the smartphone as the design i am working on is critical and fixed ..
my idea was make new NAP policy enforce it to allow all the time, and add new condition to it to be based on the linux and the smartphones MAC address or the IPs ( which will got form the orginal reserved for the only scope ).
what do you think ?