Create a Group for a Network Policy
Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
You can use this procedure to create a user or computer group in Active Directory® Domain Services (AD DS) and then add the group as a condition in a Network Policy Server (NPS) network policy.
Membership in Domain Admins , or equivalent, is the minimum required to complete this procedure.
To create a group for a network policy
Open the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, and then click the domain where you want to create a group.
Do one of the following:
To create a group whose members are computers, in the details pane, right-click Computers , click New , and then click Group .
To create a group whose members are users, in the details pane, right-click Users , click New , and then click Group .
The New Object - Group dialog box opens.
In New Object - Group , in Group name , type a name for the group.
In Group scope , select Domain local , Global , or Universal .
In Group type , ensure that Security is selected, and then click OK .
Double-click either Computers or Users , depending on where you created your group, and then double-click the group you created to open group properties.
In group properties, click the Members tab, and then click Add . The Select Users, Contacts, Computers, or Groups dialog box opens.
In Select Users, Contacts, Computers, or Groups , in Enter the object names to select , type the object names that you want to add to the group, and then click OK twice.
Open the NPS console, and then double-click Policies . Right-click Network Policies , and then click New . The New Network Policy wizard opens.
Run the wizard, making selections appropriate to your deployment, until you reach the Specify Conditions page.
In Specify Conditions , click Add . The Select condition dialog box opens. If you created a group of computers, click Machine Groups . If you created a group of users, click User Groups .
Click Add . The Windows Groups dialog box opens. Click Add Groups .
The Select Group dialog box opens. In Enter the object name to select , type the name of the group that you created in AD DS, and then click OK .
Configure additional conditions for your deployment as needed, and then continue running the New Network Policy wizard until you have completed creating a new network policy.