• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 240
  • Last Modified:

IAS Server 2003 policies

I have windows 2003 server with IAS installed authenticating users / passwords
I would like to only allow users (domain users) to connect when on (domain computers).

If i Select Domain users AND domain computers in the policy users fail to connect

1 Solution
I had a similar issue some time ago when implementing IAS for a wireless network. From what i remember IAS using PEAP MSCHAPV2 struggled when using a policy to authenticate domain users AND domain computers. We tried setting the policy (as suggested elsewhere) to authenticate domain users OR domain computers. This worked but it allows a user to connect using their domain credentials from a non domain machine. What we ended up doing was to set the policy to authenticate domain computers only, that way only domain machines could connect. The user authentication would still be done through Active Directory. As long as users can't create new local user accounts on the machines you should be ok.
Rbauckham69Author Commented:
Thanks for the insight. I 'll probably end up doing this also.

there also appears to be a differnce between XP and Windows 7 clients when a wireless policy is push out when the IAS server has an authenticating certificate.

Works on on local XP / win 7 profiles and xp domain policy. But XP fails

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now