I have a Server 2012 VPN set up and I need to have MACs and Windows XP and up connect to it.The policy 1 is for windows vista and higher, because they can use PEAP and SSTP. XP and MACs is number 2 and uses EAP and L2TP. The problem is I don't know the correct conditions to use to make it check the policy one first. I have the user group set for VPN users and MS-RAS Vendor ID ^311$, but how can I set it up to detect if someone is using a Windows vista or higher. The point is I don't want someone with Windows 8 to be using L2TP. Thanks.

Hi, Thanks for your post. Please note that we cannot use Network policy to restrict the VPN client machine version, unless you use Machine Groups instead of User groups. Add different version machine to separate computer groups, and adjust the Network Policy condition. Create a Group for a Network Policy http://technet.microsoft.com/en-us/library/cc732449.aspx Checklist: Configure NPS for Dial-Up and VPN Access http://technet.microsoft.com/en-us/library/cc754114.aspx Best Regards, Aiden If you have any feedback on our support, please click here Aiden Cao TechNet Community Support

Hi, Thanks for your post. Please note that we cannot use Network policy to restrict the VPN client machine version, unless you use Machine Groups instead of User groups. Add different version machine to separate computer groups, and adjust the Network Policy condition. Create a Group for a Network Policy http://technet.microsoft.com/en-us/library/cc732449.aspx Checklist: Configure NPS for Dial-Up and VPN Access http://technet.microsoft.com/en-us/library/cc754114.aspx Best Regards, Aiden If you have any feedback on our support, please click here Aiden Cao TechNet Community Support