IAS Server 2003 policies

Posted on 2011-10-26
Medium Priority
Last Modified: 2012-05-12
I have a Windows 2003 server with IAS installed, authenticating users / passwords.
I would like to only allow users (domain users) to connect when on (domain computers).

If I select Domain users AND domain computers in the policy, users fail to connect.

Question by:Rbauckham69

Accepted Solution

x3man earned 2000 total points
ID: 37031209
I had a similar issue some time ago when implementing IAS for a wireless network. From what I remember, IAS using PEAP MSCHAPV2 struggled when using a policy to authenticate domain users AND domain computers. We tried setting the policy (as suggested elsewhere) to authenticate domain users OR domain computers. This worked, but it allows a user to connect using their domain credentials from a non-domain machine. What we ended up doing was to set the policy to authenticate domain computers only; that way only domain machines could connect. The user authentication would still be done through Active Directory. As long as users can't create new local user accounts on the machines, you should be OK.

Author Comment

ID: 37043685
Thanks for the insight. I'll probably end up doing this also.

There also appears to be a difference between XP and Windows 7 clients when a wireless policy is pushed out when the IAS server has an authenticating certificate.

Works on local XP / Win 7 profiles and XP domain policy. But XP fails

