Hello Collin
Question regarding this
If i got machine enforment on and also EAP PEAP to athenticate with user and password
I got it set up like this
When you authenticate with the correct machine you actually get an ip address but you get a deny all role
When you authenticate the user then you get a derived role which got the real access.
Now as i got it, it will affect the users that needs to change to a new password? i mean when they have a group policy which tell you, that you need to change the password every X time?
I did it this way because i want that it needed to pass both authentcation before having any access to the network.
But it seems it will give me trouble...
If im correct in what i thing
To correct it what do you recommend?
I was thinking in maybe that when it pass the machine authentication it give you just the privileged to change the pasword... maybe just opening the ports that its needed for this agains the active directory ip address
Or do you suggest another aproach?
Thanks in advance
Cheers
Carlos