Hi All,
I 'm looking into ways of only allowing Windows 7 clients to connect to a specific Wireless network, or ways to block smart phones and non domain computers from authenticating. We're using Radius authentication which currently allows Domain Users and Domain Computers to authenticate through NPS on Server 2008R2. Becuase of this, an increasing number of smart phones are allowing users to connect to these Wireless networks by using their domain user accounts to authenticate. Even though we have PAN wireless networks available to them to use. We really need to prevent the use of smart phones on specific ESS profiles within our network.
All our domain based windows 7 clients (Laptops) have a Wireless policy installed via group policy to use 802.1X using Computer authentication. As this is the case would changing the Network Policy in NPS to only allow Domain Computer authentication do the trick? as this would then deny users from authenticating?
I was looking at configuring NAP for all clients, then only allowing the Windows 7 clients to authenticate through an NPS policy, though the additional configuration involved put of doing this if I can avoid it.
TS: Windows Server 2008 Active Directory, Configuring BSc/Hons Computer and Network Engineering