I run Windows 2008 R2 with AD, NPS.

I have an OU called Wifi Only. I need every user in this OU to be unable to access any server in a specific VLAN subnet, 192.25.0.0/16 (isolate users).

How can I achieve it? Thanks.

billyduc

1 Answer

You will have to set up domain and server isolation. It requires policy to use IPSEC authentication to determine which computers can interop. See https://technet.microsoft.com/en-us/library/cc770626(v=ws.10).aspx

Jim B
  • Thanks Jim. Does it work if the computer is not Windows-based? Almost all my clients are running Mac. I just need AD to provide Wifi authentication; when they have Wifi access they cannot access any other server network. – billyduc Sep 07 '15 at 06:40
  • IPSEC will work on any modern OS; however, group policy will only apply to the Windows clients. Since the Macs won't be configured, this should actually be easier: since they are not domain members, the servers will be unable to connect to the clients at all. – Jim B Sep 07 '15 at 17:56