We currently have one WLAN that only domain users can connect to. We will be adding a guest WLAN and would like all non-domain machines to use this, even if a user has a domain account.
We have set up NPS and can log in against it, but we can not restrict the connection option to be a domain computer AND a domain account. As a network policy it states that it moves along through each policy until it finds one that it accepts or runs out.
For connection request policies Domain Computers is not an option. This is where I thought I may be able to stop it.
Has anyone been able to successfully restrict this without manually adding MACs to the WLAN Controller?
Create a policy where you deny access to all the computers you want. You won't need MAC for this.