Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

RADIUS server, prevent users from signing in

  • 1.  RADIUS server, prevent users from signing in

    Posted Jan 26, 2016 02:50 PM

    Hi guys, 

    I have set up a secure network using a RADIUS server for authentication. My question is, is there a way to prevent people from clicking on the network and entering their credentials to connect to the network? I would like group policy to be the only way people connect to the network. If a computer is not joined to the domain, I don't want it to be able to connect to the wireless network, and I don't want users to be able to join their personal devices to wireless by putting their domain credentials in.



  • 2.  RE: RADIUS server, prevent users from signing in

    EMPLOYEE
    Posted Jan 26, 2016 02:52 PM
    Yes, you can leverage machine authentication.

    What RADIUS server are you using?


  • 3.  RE: RADIUS server, prevent users from signing in

    Posted Jan 26, 2016 04:07 PM

    Using SBS2011 as my RADIUS server.



  • 4.  RE: RADIUS server, prevent users from signing in



  • 5.  RE: RADIUS server, prevent users from signing in

    Posted Jan 27, 2016 09:24 AM

    Thanks Tim, I have already done all of that. I didn't see anything in the article about preventing someone from clicking on the wireless network from a personal device, putting in their domain credentials and joining the network, which is what I am trying to do.



  • 6.  RE: RADIUS server, prevent users from signing in
    Best Answer

    Posted Jan 31, 2016 08:40 AM

    Tim is still pointing you to the machine authentication part of the solution to this: page 33.

    If you use machine authentication and enable the corresponding section on the controller dot1x profile (I believe), then you can exclude non-domain-joined machines (i.e. smartphones, tablets, ...) from authentication on your SSID.

    That is pretty much the only thing you can do with NPS. With ClearPass you get some extra options, but this remains a tricky thing to work out.
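
Added example, not part of the thread and not controller or NPS code: a simplified Python model of how enforced machine authentication combines the machine and user 802.1X results per client MAC, so that valid domain credentials entered on a personal device land in a restricted role. The role names, MAC addresses, identities and the `derive_roles` helper are constructed for illustration.

```python
# Simplified model (added example) of enforced machine authentication:
# the role a client gets depends on whether BOTH the computer account and
# the user account have authenticated from the same MAC address.
# Role names and sample events are constructed for illustration.
from dataclasses import dataclass

ROLES = {
    (False, False): "initial-logon",         # nothing authenticated yet
    (True, False): "machine-only",           # domain PC at the login screen
    (False, True): "user-only-restricted",   # valid user, unknown device
    (True, True): "employee-full",           # domain PC + domain user
}

@dataclass
class AuthEvent:
    mac: str
    identity: str   # identity as seen by the RADIUS server
    accepted: bool  # True if the server returned Access-Accept

def is_machine_identity(identity: str) -> bool:
    """Windows computer accounts appear as host/<fqdn> or DOMAIN\\NAME$."""
    ident = identity.lower()
    return ident.startswith("host/") or ident.endswith("$")

def derive_roles(events):
    """Replay auth events and return the resulting role per client MAC."""
    machine_ok, user_ok = set(), set()
    for ev in events:
        if not ev.accepted:
            continue
        (machine_ok if is_machine_identity(ev.identity) else user_ok).add(ev.mac)
    macs = {ev.mac for ev in events}
    return {m: ROLES[(m in machine_ok, m in user_ok)] for m in macs}

# Constructed sample: a domain laptop, a personal phone, a rejected attempt.
SAMPLE = [
    AuthEvent("aa:bb:cc:00:00:01", "host/LAPTOP01.corp.example", True),
    AuthEvent("aa:bb:cc:00:00:01", "CORP\\alice", True),
    AuthEvent("aa:bb:cc:00:00:02", "CORP\\alice", True),   # alice's phone
    AuthEvent("aa:bb:cc:00:00:03", "CORP\\bob", False),
]

if __name__ == "__main__":
    for mac, role in sorted(derive_roles(SAMPLE).items()):
        print(mac, "->", role)
```

In this model the phone still completes authentication with the user's credentials; what keeps it off the network is that the user-only role is given no access.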



  • 7.  RE: RADIUS server, prevent users from signing in

    Posted Jan 26, 2016 02:53 PM

    Unfortunately you can't do that. You could try hiding the SSID, but if the user knows the name or has already saved it, you can't prevent the user from attempting to authenticate.

    Why are you trying to do this?

    Are you using ClearPass?



  • 8.  RE: RADIUS server, prevent users from signing in

    Posted Jan 26, 2016 04:08 PM

    If I hide the SSID, then it does not seem to connect users to the network automatically any more. I just don't want users to be able to connect their personal phone, tablet, etc. to this network by having the option to put in their domain credentials.