Carrun,
Here is what you do:
Use group policy to push out a configuration, which will have the Windows machine authenticate as a computer, when it boots up at the ctrl-alt-delete screen, then authenticate at the user when the user actually logs in http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-How-to-create-a-Wireless-Group-Policy-on-Windows-2008/td-p/11768
In the link in the post before, CPPM assigns a pre-built role of [Machine Authenticated] to track of devices that have ALREADY machine authenticated, and you can combine that with the [User Authenticated] CPPM role to determine what devices have passed both.
If you want to test the Windows computer authenticating in at bootup and the user logging in at the ctrl-alt-delete screen, when you configure wireless on the Windows 7 device, under the IEEE> Advanced settings, you need to make sure that "user and computer authentication" are selected. By default, only computer authentication is selected, when you just try to click on a WLAN in Windows 7.