Your ability to allow or stop devices from getting onto your network is dictated by the authentication method you choose. No matter what we implement you will have the following issues:
- Eventually the WPA2 key will get compromised
- DHCP fingerprinting will not work for devices that choose a static IP address.
- Personal devices, no matter the operating system consume the same amount of IP addresses.
- It is impossible to change the preshared key overnight, so you are stuck with everyone sharing the same key possibly for years. How do you stop people from getting into your network when everyone has the key to the front door?
- In Windows 7 the key can easily be revealed by others.
Long story short:
You should select a security protocol to meet your needs instead of trying to make an insecure method meet your security needs.