[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How can I add a condition to a Network Policy for a mac address only?

Posted on 2014-08-19
7
Medium Priority
?
304 Views
Last Modified: 2014-08-24
I have a Network Policy Server running on Server 2012 R2.  I have set it up to do certificate and PEAP authentication for our 802.1x wireless authentication and that works great.

I have a Network Policy on this server that I want to only apply to a computer with a certain MAC address.  Is this possible?  I see I can set policies based on Windows Groups.  This device is a iOS device so it isn't on the domain so I can use a Machine group.  I would like it to simply use the MAC address.  Anyone know how I can do this?  Or do you have any other ideas on how I can limit this policy to only apply to this iOS device?  I can't use IP address because this is dynamic.

Thank you for your time.
0
Comment
Question by:gacus
  • 4
  • 2
7 Comments
 
LVL 14

Expert Comment

by:Brad Groux
ID: 40270198
Utilize Group Policy Preference Item Level Targeting - http://technet.microsoft.com/en-us/library/cc733022.aspx

One of the items you can target is MAC address range - http://technet.microsoft.com/en-us/library/cc731568.aspx

Simply make the range start and range end the server in question's MAC address.
0
 
LVL 1

Author Comment

by:gacus
ID: 40270201
As I said this is a iOS device that is not on the domain so GP isn't any help.

This should be can't
"This device is a iOS device so it isn't on the domain so I can't use a Machine group."
0
 
LVL 14

Expert Comment

by:Brad Groux
ID: 40270219
Apologies for missing that. You can authenticate iOS devices with AD and push policies utilizing tools like DirectControl Express, as far as I know this (or similar tools) is how most corporations deal with iOS devices.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 1

Author Comment

by:gacus
ID: 40270236
I am sure I can push policies if I went that route, but I don't see how it would help with the issue I am having and would certainly add significant complexity to our setup.  I am not trying to apply group policies to an iOS device.  I am trying to apply a radius servers Network Policy so it returns the proper radius attributes.

I need to apply a Network Policy Server - "Network Policy" to a specific mac address.
0
 
LVL 1

Accepted Solution

by:
gacus earned 0 total points
ID: 40270473
Just add the mac to the calling station id condition!
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 40277624
You are right but just be careful if you want to use wildcards for multiple devices!  If it's one MAC only it's simple enough though.
0
 
LVL 1

Author Closing Comment

by:gacus
ID: 40281348
this is the answer
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Summer 2017 Scholarship Winners have been announced!
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question