Well collin before looking at your post i send the wireless controller to reboot...
As i though it was something in the wireless controller and not on the client or in the nps...
Anyways now im not getting the derivated role.. so i guess its working...
im getting the Machine Authentication: Default user Role
I guess thats what it should happen....
Now let me understand this and just confirm me if im correct and iwll stop bothering you with this :)
1-As the initial role on the profile is set to logon thats the initial role
2-If the machine is NOT authenticated it will get the Machine Authentication: Default User Role right? Well if i connect with my user that has access which belongs to the second network policy. if thats true i could put this role maybe on deny all role so it wont have access anywhere i mean if the machine is not authenticated then you will get a deny all role even if you got your user that got access!! so this way you NEED to have your machine on the group otherwise you wont connect.
3-If you are successful authenticating the machine it will then authenticate also with the user and will change the deny all to role im sending witht the derived role?
Im now testing remotely with my laptop on the office im connecting through the cable...
And this what happened
I added again my computer to the ones that got permission
i log off
log on then i saw it had a deny all as he authenticated with the machine correctly then i had to disconnect and reconnect againso it could get the derived role im sending with the user....
I would like to do it automatically but i don tknow if its affecting the fact im accesing it remotely somehow....
I dont know if its a better aproch for this what i would like to have is that if your machine is not in the group, even if your user is on the group you wont be able to connect... or at least not having access anywhere... Im on the correct track with what im doing or there is another way to do it properly?