I setup an 802.1x network that uses IAS and requires computer certificates via GPO(I am usingWPA/WPA2, TKIP with IAS and computer certificates) Windows computers can not access the AP's until they are part of the domain and receive the policy for a computer certifcate. Once they have a valid certificate, they useEAP to pass their windows credentials. This part works great and it is secure in that if the Cert cerver does not know about the computer, they can't connect via IAS! The problem I am having is the users with MAC's ignore group policies and are not required to have a certificate even though IAS says they must. Being so, they can be in the parking lot and see the AP'sand then can connect and are prompted for domain credentials bypassing the certificate requirement! This defeats the purpose of requiring a certificate! I want MACs to either have a valid computer certificate or not be able to connect! This is important becuase it is an enterprise deployment and needs to be secure. Any ideas?