Windows 7 / Networking

Configuring Wireless Clients

You can configure wireless clients in the following three ways:

  • Through Group Policy
  • By configuring and deploying wireless XML profiles
  • Manually

Configuring Wireless Clients Through Group Policy

To configure Wireless Network (IEEE 802.11) Policies group policy settings, perform the following steps:

  1. From a computer running Windows Server 2008 that is a member of your Active Directory domain, click Start, type mmc, and then press Enter.
  2. In the MMC console window, click File, and then click Add/Remove Snap-in.
  3. In the list of available snap-ins, double-click the Group Policy Management Editor.
  4. In the Select Group Policy Object dialog box, click Browse. In the Browse For A Group Policy Object dialog box, click the appropriate Active Directory Group Policy Object (such as Default Domain Policy), and then click OK.
  5. Click Finish, and then click OK.
  6. In the console tree, open the Group Policy Object, then Computer Configuration, then Windows Settings, then Security Settings, and then Wireless Network (IEEE 802.11) Policies.
  7. Right-click Wireless Network (IEEE 802.11) Policies, and then click either Create a New Windows Vista Policy or Create a New Windows XP Policy.

For a new Windows Vista wireless policy, perform the following steps:

  1. In the details pane, double-click your newly created Windows Vista wireless network policy. The policy's Properties dialog box appears.
  2. On the General tab, type a name for the policy and a description.
  3. On the Network Permissions tab, add allowed and denied wireless networks by name as needed.
  4. On the General tab, click Add to add a wireless network profile, and then click Infrastructure to specify an infrastructure mode wireless network.
  5. On the Connection tab, type the wireless network name (SSID) and a description (optional), and then specify connection settings as needed.
  6. On the Security tab, specify the authentication and encryption security methods.
  7. For WPA2, in the Authentication section, select WPA2, and then in the Encryption area, select AES.
  8. For WPA, select WPA in Authentication and either TKIP or AES in Encryption. Select AES only if both your wireless clients and wireless APs support WPA with AES encryption.
  9. In the Select A Network Authentication Method drop-down list, specify the EAP type.
    For EAP-TLS:
    1. Select Smart Card Or Other Certificate, and then click Properties.
    2. In the Smart Card Or Other Certificate Properties dialog box, configure EAP-TLS settings as needed, and then click OK. By default, EAP-TLS uses a registry-based certificate and validates the server certificate.
    3. For PEAP-MS-CHAP v2, no additional configuration is required. PEAP-MS-CHAP v2 is the default authentication method.
  10. Specify the authentication mode and other settings as needed.
  11. To configure advanced settings for 802.1X, including Single Sign On and Fast Roaming, click Advanced and specify settings as needed. Click OK when complete.
  12. Click OK to save the changes.

For a new Windows XP wireless policy, perform the following steps:

  1. In the details pane, double-click your newly created Windows XP wireless network policy. The Properties dialog box appears.
  2. On the General tab, change settings as needed.
  3. On the Preferred Networks tab, click Add to add a preferred network, and then click Infrastructure to specify an infrastructure mode wireless network.
  4. On the Network Properties tab, type the wireless network name (SSID), a description (optional), specify whether this wireless network is non-broadcast, and then specify the security methods.
    • For WPA2, in the Authentication drop-down list, select WPA2, and then in the Encryption drop-down list, select AES.
    • For WPA, in the Authentication drop-down list, select WPA, and then in the Encryption drop-down list, select TKIP.
  5. On the IEEE 802.1X tab, specify the EAP type.
    For EAP-TLS:
    1. In the EAP Type drop-down list, select Smart Card Or Other Certificate, and then click Settings.
    2. In the Smart Card Or Other Certificate Properties dialog box, configure EAP-TLS settings as needed, and then click OK. By default, EAP-TLS uses a registry-based certificate and validates the server certificate.
    3. For PEAP-MS-CHAP v2, no additional configuration is required. PEAP-MS-CHAP v2 is the default authentication method.
  6. Also on the IEEE 802.1X tab, specify the authentication mode and other settings as needed.
  7. Click OK twice to save changes.

The next time your Windows Vista, Windows Server 2008, Windows XP with SP2, Windows XP with SP1, or Windows Server 2003 wireless clients update the Computer Configuration group policy, the wireless network settings in the Group Policy Object will be automatically applied.

[Previous] [Contents] [Next]

In this tutorial:

  1. IEEE 802.11 Wireless Networks
  2. Support for IEEE 802.11 Standards
  3. Wireless Security
  4. WPA
  5. Planning and Design Considerations
  6. Wireless Authentication Modes
  7. Intranet Infrastructure
  8. Wireless AP Placement
  9. Authentication Infrastructure
  10. Wireless Clients
  11. Windows Vista Wireless Policy
  12. Windows XP Wireless Policy
  13. Command-Line Configuration
  14. PKI
  15. 802.1X Enforcement with NAP
  16. Deploying Protected Wireless Access
  17. Configuring Active Directory for Accounts and Groups
  18. Deploying Wireless APs
  19. Configuring Wireless Clients
  20. Configuring and Deploying Wireless Profiles
  21. Maintenance for a Protected Wireless
  22. Troubleshooting Wireless Connections
  23. Network Diagnostics Framework Support for Wireless Connections
  24. Wireless Diagnostics Tracing
  25. NPS Event Logging
  26. Troubleshooting the Windows Wireless Client
  27. Troubleshooting the Wireless AP
  28. Common Wireless AP Problems
  29. Troubleshooting the Authentication Infrastructure
  30. Troubleshooting Certificate-Based Validation
  31. Troubleshooting Password-Based Validation