Create a Group for a Network Policy

Open the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, and then click the domain where you want to create a group.

Do one of the following:

• To create a group whose members are computers, in the details pane, right-click Computers, click New, and then click Group.
  
  
• To create a group whose members are users, in the details pane, right-click Users, click New, and then click Group.
  
  

The New Object - Group dialog box opens.

In New Object - Group, in Group name, type a name for the group.

In Group scope, select Domain local, Global, or Universal.

In Group type, ensure that Security is selected, and then click OK.

Double-click either Computers or Users, depending on where you created your group, and then double-click the group you created to open group properties.

In group properties, click the Members tab, and then click Add. The Select Users, Contacts, Computers, or Groups dialog box opens.

In Select Users, Contacts, Computers, or Groups, in Enter the object names to select, type the object names that you want to add to the group, and then click OK twice.

Open the NPS console, and then double-click Policies. Right-click Network Policies, and then click New. The New Network Policy wizard opens.

Run the wizard, making selections appropriate to your deployment, until you reach the Specify Conditions page.

In Specify Conditions, click Add. The Select condition dialog box opens. If you created a group of computers, click Machine Groups. If you created a group of users, click User Groups.

Click Add. The Windows Groups dialog box opens. Click Add Groups.

The Select Group dialog box opens. In Enter the object name to select, type the name of the group that you created in AD DS, and then click OK.

Configure additional conditions for your deployment as needed, and then continue running the New Network Policy wizard until you have completed creating a new network policy.