I am currently configuring NPS on our new VPN server (Windows Server 2012 R2) and trying to set thenetwork policy conditions to allow only specified users and specific computer objects.
So I add my AD group I created allowed users (domain\VPN permitted users) to "User Groups" and also the AD group for allowed computers objects (domain\VPN permitted computers) to "Machine Groups" in the conditions for my network policy. The AD groups have the test user and test computer object added to each respectively.
When I attempt to connect by VPN it will not allow the connection to complete. If I remove the AD group from "Machine groups" and only have the user specified in "User groups" I can connect successfully. Doesn NPS only allow one OR the other, not both conditions (AND)?
If that is the case, is there any other way to only allow specific users AND computers to connect by VPN?
