Could you give us some more details around your clients and the wireless network config?
Generally speaking, you want to enable Machine auth with User Auth. Assuming you are already doing PEAP user auth with Windows clients running Wireless Zero Config, and ACS 4.2 performing your RADIUS authentication, then you'll want to do the following:
- Configure the wireless profile on the PC to include machine auth: On the Authentication Tab of the wireless profile, simply check/tick the "Authenticate as computer when computer information is available"
- On the ACS 4.2, enable machine auth, and perhaps Machine Access Restriction, in the windows database config section. Read the Cisco documentation very carefully about how MAR works to ensure it meets your needs.
The ACS guide also has a good section on enabling machine auth on Windows machines.