Windows 10 Client Machine information in NPS due to missing NAP client

Since Windows 10 lacks the NAP-client.

I'm wondering if there is another way to get the Client Machine information.
(The information in the red square in the screenshot below)
Something like a service or other type of default client that should be activated

And this point we need to first figure out a solution, before we can start rolling out Windows 10 in our Enterprise.

Some more background information, we use the Client Machine (Account name) for our wireless solution.

A user connects to wireless using his user credentials (sent from windows logon)
With this user login on wifi, the NAP-client used to sent de Client Machine information.
In NPS we checked on membership of a specific user group AND membership of a specific machine group.

This way we had a combination of user information that the user needed to know and a device the user needed to have.
Which resulted in a very simple but effective way of 2-factor authentication.

Something that normally couldn't be done, because of the fact that Wireless normally only uses either user OR computer authentication. NAP made this possible !

August 28th, 2015 8:49am

Hi Leo,

This is true, because Windows 10 lacks the NAP-client.
Without the NAP-client activated on a Pre-Windows 10 machine the result is the same.

However, when you start the NAP-Client on a Pre-Windows 10 machine, it sends the Client Machine information with the User authentication attempt.

This way I was able to find out if a user was logged in on a managed corporate device (NAP-capable+member of machine group+member of user group) or using a byod (only member of a user group).

Windows 10 doesn't have the NAP-client, so yes by new design the Client machine information isn't send anymore.

Question I have, is there a (new) way to get this information sent to the NPS server?
Maybe by starting a service, setting a registry setting or perhaps by using third-party software.

Free Windows Admin Tool Kit Click here and download it now
August 31st, 2015 4:20am

Hi Lau,

I tested on my server and got the same result.

As it said "Network Policy Server granted access to a user", I suppose it is by design that the Client Machine information is blank.

It is validating user account and it would get the information of it.

Best Regards,

Leo

 

August 31st, 2015 7:00am

Hi Lau,

As far as I know, it can't be achieved using service or registry.

I suppose some 3rd party tools could implement it.

Best Regards,

Leo

Free Windows Admin Tool Kit Click here and download it now
August 31st, 2015 9:59pm

Dear Leo,

Question I have, is there a (new) way to get this information sent to the NPS server?

Maybe by starting a service, setting a registry setting or perhaps by using third-party software.
(If it should be third-party software, which one ?)

I want to know how I can resolve the fact that there is no more Client Machine information.
Something that used to be sent with the Wireless user authentication, but without the NAP-client it isn't.

September 10th, 2015 10:31am

Hi Lau,

As I mentioned, I'm afraid it can't be achieved using service or registry.

You may try to find 3rd party tool from local software vendor. They may have developed applications to achieve the goal.

Best Regards,

Leo

Free Windows Admin Tool Kit Click here and download it now
September 13th, 2015 9:10pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics