Hi guys,I'm wondering if anyone knows about a workaround for an issue I stumbled across lately.I'm currently using EAP-TLS for Windows devices with machine + user authentication on the wired side. All is working well and both certificates are authenticating fine.The Windows authentication profiles are pushed by GPO.When @ the login prompt, I machine auth successfully and then my problem is when I log in with the local admin account. Since this account is not part of AD, it has no user certificate enrolled. I would expect a method to tell the Windows PC that if no user cert exist in the store, fallback to machine certificate even if a user session is logged in. Since settings are managed by GPO, its greyed out and impossible to modify. Then my only options seems to be either having a generic user cert on a USB stick or use netsh to modify profile with a script and override GPO.
Anyone had this problem and found a setting to overcome it?Thanks :)
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.