HI all

I need your suggestion to solve my problem

I have a LAN with many computers that some of them are joined to the domain  and the others not. but I don't know how to restricted them from access to the LAN . I see that we can choose the users with some parameters such as firewall and antivirus but I  don't know what configure should I do to prevention the non domain users to access my network.

Best Regards

Hi Sohaa,

Based on my understanding, you want to block unauthorized users from accessing LAN. Here are three methods could solve your problem: NAP enforcement for 802.1X, NAP enforcements for DHCP and NAP enforcement for IPsec communication. Each of the three methods has its feature.

802.1X enforcement provides strong network restriction for all computers accessing the network through 802.1X-capable network access servers. However, it needs an 802.1X authenticating switch or an 802.1X compliant wireless access point to place noncompliant 802.1X client on a remediation network.

Using DHCP enforcement, DHCP serves and NPS enforce health policy when a computer attempts to lease or renew an Ipv4 address. However, if the client configured with a static IP address or configured to circumvent DHCP, this enforcement method is not effective.

IPsec enforcement for Windows firewall is deployed with a health certificate server. It provides the strongest implementation of NAP. However, you have to make clients to be IPsec enforcement clients.

If you want to learn more about the above three methods, you may click the following link:

NAP Enforcement for 802.1X:

https://technet.microsoft.com/en-us/library/cc770861%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

NAP Enforcement for DHCP:

https://technet.microsoft.com/en-us/library/cc733020(v=ws.10).aspx

NAP Enforcement for IPsec Communications:

https://technet.microsoft.com/en-us/library/cc771899(v=ws.10).aspx

Best Regards,

Anne

really appreciate your help

I will try these solutions