Create a Group for a Network Policy

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

You can use this procedure to create a user or computer group in Active Directory® Domain Services (AD DS) and then add the group as a condition in a Network Policy Server (NPS) network policy.

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.

To create a group for a network policy

  1. Open the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, and then click the domain where you want to create a group.

  2. Do one of the following:

    • To create a group whose members are computers, in the details pane, right-click Computers, click New, and then click Group.

    • To create a group whose members are users, in the details pane, right-click Users, click New, and then click Group.

    The New Object - Group dialog box opens.

  3. In New Object - Group, in Group name, type a name for the group.

  4. In Group scope, select Domain local, Global, or Universal.

  5. In Group type, ensure that Security is selected, and then click OK.

  6. Double-click either Computers or Users, depending on where you created your group, and then double-click the group you created to open group properties.

  7. In group properties, click the Members tab, and then click Add. The Select Users, Contacts, Computers, or Groups dialog box opens.

  8. In Select Users, Contacts, Computers, or Groups, in Enter the object names to select, type the object names that you want to add to the group, and then click OK twice.

  9. Open the NPS console, and then double-click Policies. Right-click Network Policies, and then click New. The New Network Policy wizard opens.

  10. Run the wizard, making selections appropriate to your deployment, until you reach the Specify Conditions page.

  11. In Specify Conditions, click Add. The Select condition dialog box opens. If you created a group of computers, click Machine Groups. If you created a group of users, click User Groups.

  12. Click Add. The Windows Groups dialog box opens. Click Add Groups.

  13. The Select Group dialog box opens. In Enter the object name to select, type the name of the group that you created in AD DS, and then click OK.

  14. Configure additional conditions for your deployment as needed, and then continue running the New Network Policy wizard until you have completed creating a new network policy.
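
The AD DS part of this procedure (steps 1 through 8) can also be scripted with the ActiveDirectory PowerShell module. The following is an added example, not part of the original procedure; the group name, container DN, and member names are constructed placeholders. It also lists the effective membership, including nested groups, so you can review who will match the condition before you select the group in the New Network Policy wizard (steps 9 through 14).

```powershell
# Added example: every name, DN and member below is a constructed placeholder.
Import-Module ActiveDirectory

$GroupName = 'NPS-Wireless-Users'            # hypothetical group name
$Container = 'CN=Users,DC=example,DC=com'    # use CN=Computers,... for a computer group
$Members   = @('alice', 'bob')               # hypothetical sAMAccountNames; computer accounts end in '$'

# Steps 2-5: create the group only if it does not already exist.
$group = Get-ADGroup -Filter "SamAccountName -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupCategory Security -GroupScope Global -Path $Container `
        -Description 'Condition group for an NPS network policy' -PassThru
}

# Step 5 check: a pre-existing group with this name must be a Security group.
if ($group.GroupCategory -ne 'Security') {
    throw "$GroupName is a $($group.GroupCategory) group; this procedure requires Security."
}

# Steps 6-8: add only the members that are not already direct members.
$current = @(Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty SamAccountName)
$toAdd = @($Members | Where-Object { $current -notcontains $_ })
if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $group -Members $toAdd
}

# Review effective membership (nested groups expanded) before using the
# group as a User Groups or Machine Groups condition in NPS.
Get-ADGroupMember -Identity $group -Recursive |
    Sort-Object objectClass, SamAccountName |
    Format-Table SamAccountName, objectClass, distinguishedName -AutoSize
```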