Share via

Restrict domain computer to connect to WiFi by NPS

Ricardo Ito 191 Reputation points
2022-02-14T20:28:43.187+00:00

Hello team!
I would like to know if it is possible to restrict domain computers (contoso.local) to connect to wireless SSID using Network Policy Server (NPS).

Environment:

SSID: Sales-5G
This SSID is set to allow connections using Active Directory credenctials

Computers in domain contoso.local: pc1.contoso.local and pc2.contoso.local
Windows Server 2019 with NPS: server1.contoso.local
Computers in workgroup home: pc3 and pc4

Only pc3 and pc4 can connect to Sales-5G using Active Directory credenciatials.

Windows for business | Windows Server | User experience | Other
0 comments
Accepted answer
  1. Gary Nebbett 6,216 Reputation points
    2022-02-25T13:51:31.247+00:00

    Hello @Ricardo Ito ,

    It is not easy to formulate a "probably no practical solution" type of answer; it is much easier to respond if one knows a positive answer and possibly foolish to state categorically that something is not possible.

    The NPS, which is making the accept/reject decision, only has the information in the RADIUS messages upon which to base its decisions; in the case of authentication with user credentials, there won't be much machine related information in the messages beyond the MAC address of the connecting device and the MAC address is not a good discriminator of whether the device is a joined to a domain or not.

    Gary

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ricardo Ito 191 Reputation points
    2022-02-25T13:00:26.33+00:00

    Hello guys!
    Anyone?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.