Security

Good Afternoon,

We are working on a new image deployment for our windows machines, and during testing we found that the new 1803 release of Windows 10 isn't doing the machine authentications in clearpass like 1709 and earlier versions did.

We utilize Group Policy to push our wireless profiles down to the machines.  We do a machine auth when the PC starts up, then allow the user auth and based on those 2, grant certain user roles.  If they don't pass the machine authentication, but pass the user auth, they get dropped into a BYOD user role etc.  All of our 1803 test clients are only user authenticating, and they have had to enter their AD credentials into the pop up box when connecting to the network, where previously, the machine authentcation would connect them to the network.

Looking at Group Policy, the settings haven't changed, and the "User or Computer Authentication" checkbox is still checked, however you can't find that setting locally in the machine like you used to be able to in Win 7.

 

We don't want to change our auth steps if at all possible as we want to prohibit unknown devices from connecting to the corporate network.

 

Any help would be greatly appreciated!

 

 

Can you try creating a test SSID and then manually configure the device to just use machine authentication and see if it works

Sent from Mail for Windows 10

I tried a new test SSID and configured it manually, it still was asking for user credentials without a machine auth attempt.

When configured for Computer + User, Machine Authentication only occurs in a logged out state (i.e. at the login screen).

Correct, and that is where I'm trying to make it machine auth.  On our other machines, it will automatically connect when booted up, before anyone logs in, so it gets the domain services etc.  It won't connect currently, and if you click on the SSID to connect to, it prompts for a username/password.

 

You can try forcing it to do machine authentication