IAS Server 2003 policies

Posted on 2011-10-26
Last Modified: 2012-05-12
I have a Windows 2003 server with IAS installed, authenticating users / passwords.
I would like to only allow users (domain users) to connect when on domain computers.

If I select Domain Users AND Domain Computers in the policy, users fail to connect.

Question by:Rbauckham69

    Accepted Solution

    I had a similar issue some time ago when implementing IAS for a wireless network. From what I remember, IAS using PEAP MSCHAPv2 struggled when using a policy to authenticate domain users AND domain computers. We tried setting the policy (as suggested elsewhere) to authenticate domain users OR domain computers. This worked, but it allows a user to connect using their domain credentials from a non-domain machine. What we ended up doing was to set the policy to authenticate domain computers only; that way only domain machines could connect. The user authentication would still be done through Active Directory. As long as users can't create new local user accounts on the machines, you should be OK.
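
The policy outcomes described in the answer above, modelled as an added example (not part of the original thread, and not IAS code). It assumes each authentication request carries a single account (user or machine), that conditions in a policy are ANDed, and that groups listed in one Windows-Groups condition are ORed; the account names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """One RADIUS Access-Request: exactly one authenticating account."""
    account: str
    groups: frozenset


# A policy is a list of conditions that must ALL match (AND).
# Each condition is a set of groups, ANY of which may match (OR).
POLICIES = {
    "users AND computers": [{"Domain Users"}, {"Domain Computers"}],
    "users OR computers": [{"Domain Users", "Domain Computers"}],
    "computers only": [{"Domain Computers"}],
}

# Constructed sample requests. The two user requests are identical on
# purpose: user credentials say nothing about the machine they come from.
REQUESTS = {
    "user on domain PC": Request("CORP\\alice", frozenset({"Domain Users"})),
    "user on non-domain PC": Request("CORP\\alice", frozenset({"Domain Users"})),
    "domain PC (machine account)": Request("CORP\\PC01$", frozenset({"Domain Computers"})),
}


def policy_matches(conditions, request):
    """True when the request's account satisfies every condition."""
    return all(request.groups & cond for cond in conditions)


def evaluate():
    """Return {policy name: {request name: granted?}} for all combinations."""
    return {
        pname: {rname: policy_matches(conds, req) for rname, req in REQUESTS.items()}
        for pname, conds in POLICIES.items()
    }


if __name__ == "__main__":
    for pname, row in evaluate().items():
        print(pname)
        for rname, granted in row.items():
            print(f"  {'grant' if granted else 'deny':5}  {rname}")
```
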

    Author Comment

    Thanks for the insight. I'll probably end up doing this also.

    There also appears to be a difference between XP and Windows 7 clients when a wireless policy is pushed out when the IAS server has an authenticating certificate.

    Works on local XP / Win 7 profiles and XP domain policy. But XP fails

