Security

What you need to do is send a GPO with the wireless profile set the Authentication mode to "user or computer" and to "Automatically use my Windows logon name and password"

https://msdn.microsoft.com/en-us/library/dd759176(v=ws.11).aspx

This should help you with that issue

Get Outlook for iOS

If a mac address has machine authenticated, by default the result is cached for 24 hours.  The parameter that controls that behavior is under Administration> Server Manager> Server Configuration> Click on Server> Service Parameters> Select Policy Server Service:

Alternatively, you can clear the machine authentication cache manually by clicking on Administration> Server Manager> Server Configuration> Clear Machine Authentication Cache:

 

The reason the cache is in place is because machine authentication only happens when the machine is sitting at the ctrl-alt-delete screen, either because it just rebooted, or because someone logged out.  Many people do not log out of their computers, however  and just lock them.  When they wake their computers up, machine authentication does not take place, so CPPM will think that it is not a domain machine.  The machine authentication cache stores the previous authentication and renews it, every time there is a successful authentication, so that the user does not have to reboot or logout of their machine to demonstrate that this is a domain machine.  I hope this helped.

Dear Cjoseph,

 

Sorry to late response. 

I had reinstall my test pc from win 10 to win 7 and now, when my pc (my pc had been joined domain) boot into logon screen, on CP it show machine authenticated and if I login by domain user CP show only user authenticated. It's weird.

I'm checking my CP configuration, don't know why it happens.

 

You should be looking in the Access Tracker, under the Summary Tab.  Under "Roles", it should say [Machine Authenticated] and [User Authenticated].  Please post a screenshot of both access tracker messages.

 

Dear Cjoseph,

 

Please kindly check the image below.

 

Hera are the configuration for HP Wire with Onguard and Guest service:

Thank you.

 

 

Dear Cjoseph,

 

Please kindly check the images below:

 

Here are the configuraiton on ClearPass:

Thank you.

Dear Cjoseph,

 

I upload the image and receive the email from airheads that I earn the badge for upload pictures but when I refresh to check it not show my post. So I upload it to my onedrive, please kindly check the link below:

Link 1

Link 2

Link 3

Below is the image for configuration of CP

Link 4

Link 5

Link 6

Thank you.

Do you also have Onguard Installed?

It says that System Posture Status is Infected.

Dear Cjoseph,

 

Yes, I have Onguard install. 

I just disable Onguard service and retest again. It still show machine authenticated when pc boot to logon screen and not show machine authenticated when login by domain account as the image that I post in the last reply.

Do you have any advice?

 

Thank you.

In your enforcement policy in your service, check to see if "Use Cached Results" is enabled.

 

Dear Cjoseph,

 

Yes, it's enable. I try to disable and test but the role in access tracker still not show Machine Authenticated when login via account domain.

Could you export your configuration and share it to me for testing?

 

Thank you.

My lab does not have any machine authentication, messages and it is not using wired authentication.  What version of CPPM are you using?

Dear Cjoseph,

 

I'm using CPPM 6.6.1.84176

I export my configuration as attachment, please kindly look around if I configure any wrong.

 

Thank you.