Setup:
UniFi APs connected to NPS running on Server 2012 R2.
Goal:
1. Laptop users should be able to connect to the production wireless network simply by having their computer accounts in an authorized group, e.g. Company/Laptops.
2. If your device is not in the said group (not an AD object, in essence), prompt for credentials from e.g. Company/Authorized Users.
What I have so far:
I created a Network Policy with one of its conditions being that you have to be a member of Company/Laptops to be granted access to the wireless network. This works fine, as laptops connect directly if authorized.
A second policy was created where the condition was that you have to be a member of Company/Authorized Users.
Problem:
1. After implementing the second policy, which is 2nd in the processing order, even authorized laptops are prompted for credentials.
2. Devices not in the Company/Laptops group are not granted access at all.