![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 66%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERI%3C/text%3E%3C/svg%3E)
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,055 questions
Hello @Ricardo Ito ,
It is not easy to formulate a "probably no practical solution" type of answer; it is much easier to respond if one knows a positive answer and possibly foolish to state categorically that something is not possible.
The NPS, which is making the accept/reject decision, only has the information in the RADIUS messages upon which to base its decisions; in the case of authentication with user credentials, there won't be much machine related information in the messages beyond the MAC address of the connecting device and the MAC address is not a good discriminator of whether the device is a joined to a domain or not.
Gary