User-based 802.1x authentication if Computer authenication enforced by GPO?
I'm looking to deploy 802.1x port security on my home network (like many I use for messing around to work on my skills).
When it comes to connecting my company laptop to my home network, the LAN interface is configured by GPO to use computer-only authentication - which is correct for our corporate network.
However given the machine won't be a member of my home domain, it would need to use user authentication if on my network. Given computer only is enforced by the GPO, I'm thinking this won't be possible.
So the question is does anyone know of any workarounds or am I best to use this on a port either with no security or MAC-based security rather than 802.1x
Obviously wireless network authentication won't be a problem, just the wired LAN.
When it comes to connecting my company laptop to my home network, the LAN interface is configured by GPO to use computer-only authentication - which is correct for our corporate network.
However given the machine won't be a member of my home domain, it would need to use user authentication if on my network. Given computer only is enforced by the GPO, I'm thinking this won't be possible.
So the question is does anyone know of any workarounds or am I best to use this on a port either with no security or MAC-based security rather than 802.1x
Obviously wireless network authentication won't be a problem, just the wired LAN.
kevinhsieh
Interesting problem. I don't know how you allow the laptop to allow user authentication to a foreign network like you home lab. You would need to override the GPO that the domain laptop receives. You could do this by applying a local GPO if you have admin rights.
ASKER
I do have local admin rights, but would have thought a domain GPO would take precedence over any local policy?
ASKER
Just checked and confirmed a domain GPO would over-ride anything configured locally.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Not possible.