My current environment have a Cisco ACS which configure the TACACS+ for network devices. With the current settings, we can specify Shell Profiles and Command Sets for the devices access.
Shell Profile: define user access privileges (such as Admin acccess, or read-only access)
Command Sets: define which commands to be permitted or denied
I'm migrating the policies from Cisco ACS to Microsoft NPS. However, from the network connection policy I can only specify RADIUS attributes to achieve the Shell profile features like below to allow admin/read-only access.
But I can't find the options to specify any commands set for the policy. As I know TACACS+ is not supported in Microsoft NPS but is there any other ways that I can allow/block certain commands to be executed with RADIUS attributes?