09-02-2014 11:55 AM - edited 09-02-2014 11:56 AM
So I have our new cppm set up and running. I am running a beta in two different buildings and so far so good. 802.1x/PEAP with cert working and whatnot.
A new scenerio has arisen in that our helpdesk would like to put two desktops on the secure wireless in an area that feasably cannot have any drops installed. My question is this; how do I set it up so just the machines authenticate onto the 802.1x wireless (which drops right into a domain VLAN like our wired machines do) and would then let whomever authenticate with their AD credentials? (meaning that the help desk people will be rotating through this position)
Thanks again gang :-)
Network+ | CWNA | ACSP | ACMP | ACMA | BREC
09-02-2014 12:22 PM - edited 09-02-2014 12:24 PM
OK, so you'll want to configure these machines using group policy.
You'll want the computers to either 1) be in their own OU or 2) Be in a group
You can then use a combination of that data plus the built-in role of [Machine Authenticated] to dump the computer into a machine auth role. You'll want to make sure your enforcement policy allows cached roles and posture.
The screenshots below should get you started: