Not using NAP DHCP any more - it does not work on IPv6 scopes (can anyone explain?)
No Wifi on this particular network.
My IPsec / HRA is working very nicely.
Now I want to generate an identifiable event, and preferably deny access if a non-domain computer gets plugged into an Ethernet port. (I have found that more and more computers from corporate have NAP installed, so "non-NAP capable" does not work as filter)
I thought I could add a catch all rule at the bottom of my list of rules, but everytime I try this my domain joined computers start getting denied access. First they are granted access as DOMAIN\COMPUTER$, then they are denied access as COMPUTER.
I don't understand what is causing the deny access for the COMPUTER. I thought that once a rule is matched, NPS stops processing further rules.
Can someone provide my with some guidance?
I tried: unspecified network access server, Condition: NAS port type Ethernet, Access Permissions : Access Denied, Authentication : Default, no constraints, NAP Enforcement : Limited access
CarolChi