Configuring Wireless Clients
You can configure wireless clients in the following three ways:
- Through Group Policy
- By configuring and deploying wireless XML profiles
- Manually
Configuring Wireless Clients Through Group Policy
To configure Wireless Network (IEEE 802.11) Policies group policy settings, perform the following steps:
- From a computer running Windows Server 2008 that is a member of your Active Directory domain, click Start, type mmc, and then press Enter.
- In the MMC console window, click File, and then click Add/Remove Snap-in.
- In the list of available snap-ins, double-click the Group Policy Management Editor.
- In the Select Group Policy Object dialog box, click Browse. In the Browse For A Group Policy Object dialog box, click the appropriate Active Directory Group Policy Object (such as Default Domain Policy), and then click OK.
- Click Finish, and then click OK.
- In the console tree, open the Group Policy Object, then Computer Configuration, then Windows Settings, then Security Settings, and then Wireless Network (IEEE 802.11) Policies.
- Right-click Wireless Network (IEEE 802.11) Policies, and then click either Create a New Windows Vista Policy or Create a New Windows XP Policy.
For a new Windows Vista wireless policy, perform the following steps:
- In the details pane, double-click your newly created Windows Vista wireless network policy. The policy's Properties dialog box appears.
- On the General tab, type a name for the policy and a description.
- On the Network Permissions tab, add allowed and denied wireless networks by name as needed.
- On the General tab, click Add to add a wireless network profile, and then click Infrastructure to specify an infrastructure mode wireless network.
- On the Connection tab, type the wireless network name (SSID) and a description (optional), and then specify connection settings as needed.
- On the Security tab, specify the authentication and encryption security methods.
- For WPA2, in the Authentication section, select WPA2, and then in the Encryption area, select AES.
- For WPA, select WPA in Authentication and either TKIP or AES in Encryption. Select AES only if both your wireless clients and wireless APs support WPA with AES encryption.
- In the Select A Network Authentication Method drop-down list, specify the EAP type.
For EAP-TLS:- Select Smart Card Or Other Certificate, and then click Properties.
- In the Smart Card Or Other Certificate Properties dialog box, configure EAP-TLS settings as needed, and then click OK. By default, EAP-TLS uses a registry-based certificate and validates the server certificate.
- For PEAP-MS-CHAP v2, no additional configuration is required. PEAP-MS-CHAP v2 is the default authentication method.
- Specify the authentication mode and other settings as needed.
- To configure advanced settings for 802.1X, including Single Sign On and Fast Roaming, click Advanced and specify settings as needed. Click OK when complete.
- Click OK to save the changes.
For a new Windows XP wireless policy, perform the following steps:
- In the details pane, double-click your newly created Windows XP wireless network policy. The Properties dialog box appears.
- On the General tab, change settings as needed.
- On the Preferred Networks tab, click Add to add a preferred network, and then click Infrastructure to specify an infrastructure mode wireless network.
- On the Network Properties tab, type the wireless network name (SSID), a description
(optional), specify whether this wireless network is non-broadcast, and then specify the security methods.
- For WPA2, in the Authentication drop-down list, select WPA2, and then in the Encryption drop-down list, select AES.
- For WPA, in the Authentication drop-down list, select WPA, and then in the Encryption drop-down list, select TKIP.
- On the IEEE 802.1X tab, specify the EAP type.
For EAP-TLS:- In the EAP Type drop-down list, select Smart Card Or Other Certificate, and then click Settings.
- In the Smart Card Or Other Certificate Properties dialog box, configure EAP-TLS settings as needed, and then click OK. By default, EAP-TLS uses a registry-based certificate and validates the server certificate.
- For PEAP-MS-CHAP v2, no additional configuration is required. PEAP-MS-CHAP v2 is the default authentication method.
- Also on the IEEE 802.1X tab, specify the authentication mode and other settings as needed.
- Click OK twice to save changes.
The next time your Windows Vista, Windows Server 2008, Windows XP with SP2, Windows XP with SP1, or Windows Server 2003 wireless clients update the Computer Configuration group policy, the wireless network settings in the Group Policy Object will be automatically applied.
In this tutorial:
- IEEE 802.11 Wireless Networks
- Support for IEEE 802.11 Standards
- Wireless Security
- WPA
- Planning and Design Considerations
- Wireless Authentication Modes
- Intranet Infrastructure
- Wireless AP Placement
- Authentication Infrastructure
- Wireless Clients
- Windows Vista Wireless Policy
- Windows XP Wireless Policy
- Command-Line Configuration
- PKI
- 802.1X Enforcement with NAP
- Deploying Protected Wireless Access
- Configuring Active Directory for Accounts and Groups
- Deploying Wireless APs
- Configuring Wireless Clients
- Configuring and Deploying Wireless Profiles
- Maintenance for a Protected Wireless
- Troubleshooting Wireless Connections
- Network Diagnostics Framework Support for Wireless Connections
- Wireless Diagnostics Tracing
- NPS Event Logging
- Troubleshooting the Windows Wireless Client
- Troubleshooting the Wireless AP
- Common Wireless AP Problems
- Troubleshooting the Authentication Infrastructure
- Troubleshooting Certificate-Based Validation
- Troubleshooting Password-Based Validation