Configure User and Machine Group Requirements

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

User and machine group requirements are configured by creating an Active Directory security group condition in network policy. If the NAP enforcement method is 802.1X or VPN enforcement, members of the security group can be users or computers. If the NAP enforcement method is IPsec or DHCP, members of the security group must be computers.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Configure a security group condition

Use the following procedure to configure a security group condition in network policy. Security groups are also called user groups, machine groups, and Windows groups in network policy.

To configure a security group condition

  1. Click Start, click Run, type nps.msc, and then press ENTER.

  2. In the Network Policy Server console tree, open Policies\Network Policies.

  3. In the details pane, under Policy Name, double-click the name of the network policy you want to configure with a security group condition.

  4. In the policy properties window, on the Conditions tab, click Add. Under Groups, in Select condition, choose Windows Groups, click Add, and then in the Windows Groups dialog box, click Add Groups.

  5. In the Select Group dialog box, under Enter the object name to select, type the name of the security group that you want to add as a network policy condition, and then click OK.

  6. In the Windows Groups dialog box, verify that the correct group is displayed under Groups, click OK, and then click OK to close the network policy properties window.
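Before adding a group as a condition, it helps to confirm that its membership fits the enforcement method: users or computers for 802.1X and VPN, computers only for IPsec and DHCP. The following PowerShell is an added example, not part of the original procedure. It assumes the ActiveDirectory module (RSAT) is installed, and the function name `Test-NapGroupMembership` and the group name `NAP-DHCP-Computers` are hypothetical.

```powershell
# Added example: function name and group name are hypothetical placeholders.
# Assumes the ActiveDirectory module (RSAT) is available on this machine.
Import-Module ActiveDirectory

function Test-NapGroupMembership {
    param(
        [Parameter(Mandatory = $true)][string]$GroupName,
        [Parameter(Mandatory = $true)]
        [ValidateSet('802.1X', 'VPN', 'IPsec', 'DHCP')][string]$EnforcementMethod
    )

    # The network policy condition expects a security group.
    $group = Get-ADGroup -Identity $GroupName
    if ($group.GroupCategory -ne 'Security') {
        throw "'$GroupName' is a $($group.GroupCategory) group, not a security group."
    }

    # 802.1X and VPN: users or computers. IPsec and DHCP: computers only.
    if (@('802.1X', 'VPN') -contains $EnforcementMethod) {
        $allowed = @('user', 'computer')
    } else {
        $allowed = @('computer')
    }

    # -Recursive expands nested groups and returns only leaf members.
    $members    = @(Get-ADGroupMember -Identity $group -Recursive)
    $violations = @($members | Where-Object { $allowed -notcontains $_.objectClass })

    if ($members.Count -eq 0) {
        Write-Warning "'$GroupName' has no members; the condition will match no one."
    }

    New-Object PSObject -Property @{
        Group             = $group.Name
        EnforcementMethod = $EnforcementMethod
        MemberCount       = $members.Count
        Compliant         = ($violations.Count -eq 0)
        Violations        = $violations
    }
}

# Constructed usage: check a group intended for a DHCP enforcement policy.
$result = Test-NapGroupMembership -GroupName 'NAP-DHCP-Computers' -EnforcementMethod DHCP
$result | Select-Object Group, EnforcementMethod, MemberCount, Compliant
$result.Violations | Format-Table name, objectClass, distinguishedName -AutoSize
```

Any member listed under Violations has an object class that the chosen enforcement method does not accept and should be reviewed before the group is used in the policy.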