Security

So I have our new cppm set up and running. I am running a beta in two different buildings and so far so good. 802.1x/PEAP with cert working and whatnot.

A new scenerio has arisen in that our helpdesk would like to put two desktops on the secure wireless in an area that feasably cannot have any drops installed. My question is this; how do I set it up so just the machines authenticate onto the 802.1x wireless (which drops right into a domain VLAN like our wired machines do) and would then let whomever authenticate with their AD credentials? (meaning that the help desk people will be rotating through this position)

Make sense?

Thanks again gang :-)

---

@cappalli wrote:
Are these AD-joined Windows machines?

---

Yep :-)

OK, so you'll want to configure these machines using group policy.

You'll want the computers to either 1) be in their own OU or 2) Be in a group

You can then use a combination of that data plus the built-in role of [Machine Authenticated] to dump the computer into a machine auth role. You'll want to make sure your enforcement policy allows cached roles and posture.

The screenshots below should get you started:

Much appreciated Tim, I'll start digging into this!

For the group policy piece: