Configuring Network Policy (NPS) for VPN to allow only specified users and computers to connect?

I am currently configuring NPS on our new VPN server (Windows Server 2012 R2) and trying to set the network policy conditions to allow only specified users and specific computer objects.

So I add the AD group I created for allowed users (domain\VPN permitted users) to "User Groups" and also the AD group for allowed computer objects (domain\VPN permitted computers) to "Machine Groups" in the conditions for my network policy. The AD groups have the test user and test computer object added to each respectively.

When I attempt to connect by VPN, it will not allow the connection to complete. If I remove the AD group from "Machine Groups" and only have the user specified in "User Groups", I can connect successfully. Does NPS only allow one OR the other, not both conditions (AND)?

If that is the case, is there any other way to only allow specific users AND computers to connect by VPN?



April 1st, 2015 9:12pm

I am also seeing the same kind of behavior in my setup. Please check the link below; it explains the limitation:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/72f4af40-8f85-4e60-90f1-2ddee834b5af/nps-server-using-machine-groups

-Ashish

April 9th, 2015 4:17pm
