We have Server 2008 and 2008 R2 with no NAP implemented.
Our wireless is encrypted with 802.1X user credentials only, so any user can use their domain credentials to join any device to the network as long as they enter the correct user name and password and other needed configuration settings for devices that do not detect and autoconfigure the settings.
The wired network is open to anything that is plugged into an active Ethernet port.
We would like to only allow "authorized" devices to connect to the network.
I know of ways to lock down the network using IPsec, but it seems pretty complex and it would block our non-domain joined unmanaged machines that we need to be on the network, such as VoIP phones, network printers, new workstations being imaged that have not yet been joined to the domain, our Unix and Linux servers and business partner's laptops that are joined to other domains.
Is there a way to block random devices brought in from the street from connecting and still allow for all of these exceptions?