UserLock can audit, control and apply a user access policy to Wi-Fi sessions:
Wi-Fi sessions when authenticated with the RADIUS protocol on a Microsoft Network Policy Server (included in Windows Server).
- This requires the 'NPS agent' to be installed in this service.
RADIUS clients (Wi-Fi access points) should be configured to contact the NPS server for 'RADIUS authentication' and 'RADIUS accounting'.
- Generally, the RADIUS protocol does not allow to recover the name of the client. As a result, you will not be able to apply Workstation restrictions with the client name. The only known case where this name is available is if your RRAS server is configured with RADIUS Authentication and RADIUS Accounting.
- Controlling Wi-Fi sessions may be unreliable if the Wi-Fi access point doesn't correctly notify the end of a session to the RADIUS server when a Wi-Fi client is powered off without closing the Wi-Fi session properly.
- If the Wi-Fi client is a member of the Active Directory domain, the Wi-Fi session may be authenticated with the computer account instead of the user account. In this case, UserLock will not manage the session. UserLock only manages sessions with user accounts, and not sessions with computer accounts.
- Multiple RADIUS servers for a single RADIUS client (hardware router) is not supported as the logon may be managed by a different agent to the logoff.
- When a Wi-Fi session is denied, the user is prompted to enter new credentials. There is currently no way to display a more intelligible message to the user.
Currently, there is no hardware compatibility list showing all hardware routers and Wi-Fi access points that are compatible with UserLock. We therefore suggest you test your hardware device with UserLock.