Hello Everyone,
We currently have Wi-Fi access and it uses let's say 10.20.9.x network and all our users can connect to this wifi and need to authenticate with AD sitting on 10.20.1.x network.
Since most of the users have been using their smart phones and tablets to connect to WiFi we have an issue of their accounts getting locked (as some of them use their smart phones to login to the company's applications and save their password which should be changed when their password expires and since they forget to change their account gets locked out).
We would like to enable NAP service on our DHCP server which leases 10.20.5.x IP's to the WiFi clients and I would like to create a policy which would restrict the access of non-domain devices (smart phones and tablets that are not registered in AD) to just internet usage and not to the company's internal applications.
I would like to give laptops that are registered in domain full network access and smart phones or tablets not registered with domain restricted access so that users can still end up browsing internet on their smartphones or tablets.
I did some reading and found that using NAP with DHCP might fix this issue but I would like to know more about this and any help or suggestions are really appreciated.
Thanks,
Ronnie