Hi,
This is not an easy one: the Windows NPS GUI does not allow you to configure this, but this should do the trick on the command line. Be careful, since these custom changes do not appear in the GUI, they can only be seen from the command line again.
# review current policy conditions and attributes
netsh nps show np
# sample output
Network policy configuration:
---------------------------------------------------------
Name = Wired-802.1x-PEAP
State = Enabled
Processing order = 6
Policy source = 0
Condition attributes:
Name Id Value
---------------------------------------------------------
Condition0 0x1023 "S-1-5-21-2634562202-3359562768-3642344099-513"
Profile attributes:
Name Id Value
---------------------------------------------------------
EAP-Configuration 0x1fa2 "1900000000000000000000000000000038000000020000003800000001000000140000002A7BF0794279DDB5E0F2D01AE8FBCDC6F1B2AA470100000001000000100000001A00000000000000"
NP-Allow-Dial-in 0x100f "TRUE"
NP-Allowed-EAP-Type 0x100a "19000000000000000000000000000000"
NP-Authentication-Type 0x1009 "0x5"
MS-Quarantine-State 0x1faf "0x0"
Quarantine-Update-Non-Compliant 0x1fc8 "TRUE"
Framed-Protocol 0x7 "0x1"
Service-Type 0x6 "0x2"
# take note of the current condition(s), you need to repeat the condition when you edit the policy.
# if it is not repeated, the new command simply overrides the current condition(s)
# now modify the policy, remember to repeat the existing condition(s), in this case just 1 (this example is a Windows group membership)
# on top of the existing setting, you need to add the vendor specific condition:
# conditionid = "0x1a"
# this is 26, meaning vendor specific attribute
# conditiondata = "0100002228000Bssid=test"
# not entirely sure, but the 0x2288 part represents the vendor code 8744.
# I have found this by setting in an existing profile the profile settings with vendor specific : 8744, code 0, type string, value ssid=test
# Next use "netsh nps show np" and review the configured settings in the profile. These are the values you can use in your condition.
# so, sample command:
netsh nps set np name = "Wired-802.1x-PEAP" state = "enable" conditionid = "0x1023" conditiondata = "S-1-5-21-2634562202-3359562768-3642344099-1112" conditionid = "0x1a" conditiondata = "0100002228000Bssid=test"
# review :
netsh nps show np
# sample output, do not worry about the policy order value, this just depends on the number of policies you have defined on the NPS:
Network policy configuration:
---------------------------------------------------------
Name = Wired-802.1x-PEAP
State = Enabled
Processing order = 6
Policy source = 0
Condition attributes:
Name Id Value
---------------------------------------------------------
Condition0 0x1023 "S-1-5-21-2634562202-3359562768-3642344099-1112"
Condition1 0x1a "0100002228000Bssid=test"
Profile attributes:
Name Id Value
---------------------------------------------------------
EAP-Configuration 0x1fa2 "190000000000000000000000000
0000038000000020000003800000001000000140000002A7BF0794279DDB5E0F2D01AE8FBCDC6F1B
2AA470100000001000000100000001A00000000000000"
NP-Allow-Dial-in 0x100f "TRUE"
NP-Allowed-EAP-Type 0x100a "190000000000000000000000000
00000"
NP-Authentication-Type 0x1009 "0x5"
MS-Quarantine-State 0x1faf "0x0"
Quarantine-Update-Non-Compliant 0x1fc8 "TRUE"
Framed-Protocol 0x7 "0x1"
Service-Type 0x6 "0x2"
Best regards, Peter
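
The condition value used in the answer above can be taken apart and rebuilt with a small helper. This is an added example, not part of the original post and not Microsoft code. The field layout is an assumption inferred from the single sample `0100002228000Bssid=test` (where the eight hex digits `00002228` are 8744 in decimal), and the function names are hypothetical.

```powershell
# Layout inferred from the one sample in the post (assumption, not documented NPS behaviour):
#   "01" | vendor ID, 8 hex digits | vendor type, 2 hex | length, 2 hex | value as plain text
# The length counts the type byte, the length byte and the value (RFC 2865 VSA style).

function ConvertTo-NpsVsaCondition {
    param(
        [Parameter(Mandatory)][uint32]$VendorId,
        [Parameter(Mandatory)][byte]$VendorType,
        [Parameter(Mandatory)][string]$Value
    )
    # Printable ASCII only, and no double quote, so the netsh quoting stays intact.
    if ($Value -match '[^\x20-\x7E]' -or $Value.Contains('"')) {
        throw "Value must be printable ASCII without double quotes"
    }
    $length = $Value.Length + 2
    if ($length -gt 255) { throw "Value too long for a one-byte length field" }
    '01{0:X8}{1:X2}{2:X2}{3}' -f $VendorId, $VendorType, $length, $Value
}

function ConvertFrom-NpsVsaCondition {
    param([Parameter(Mandatory)][string]$ConditionData)
    if ($ConditionData.Length -lt 14) {
        throw "Too short to hold prefix, vendor ID, type and length"
    }
    $value  = $ConditionData.Substring(14)
    $length = [Convert]::ToInt32($ConditionData.Substring(12, 2), 16)
    if ($length -ne $value.Length + 2) {
        throw "Length field $length does not match value length $($value.Length) + 2"
    }
    [pscustomobject]@{
        Prefix     = $ConditionData.Substring(0, 2)   # meaning not stated in the post
        VendorId   = [Convert]::ToUInt32($ConditionData.Substring(2, 8), 16)
        VendorType = [Convert]::ToInt32($ConditionData.Substring(10, 2), 16)
        Length     = $length
        Value      = $value
    }
}

# Decode the condition value from the post, then rebuild it and compare.
$sample = '0100002228000Bssid=test'
ConvertFrom-NpsVsaCondition -ConditionData $sample | Format-List
$rebuilt = ConvertTo-NpsVsaCondition -VendorId 8744 -VendorType 0 -Value 'ssid=test'
if ($rebuilt -ne $sample) { throw "Rebuilt string differs from the sample in the post" }
```

Decoding the `Condition1` value shown by `netsh nps show np` after a change is a quick way to confirm the policy still matches the vendor ID and string you intended, since the GUI will not show it.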