Maintenance for a Protected Wireless
The areas of maintenance for a protected wireless solution are as follows:
- Manage user and computer accounts
- Manage wireless APs
- Update wireless profiles
Managing User and Computer Accounts
When a new user or computer account is created in Active Directory and that user or computer is allowed wireless access, do the following:
- If you are managing network access permission by account, no additional action is necessary. By default, new accounts created in native-mode Active Directory domains have their network access permission set to Control Access Through NPS Network Policy.
- If you are managing network access permission by group, add the new account to the appropriate group for wireless connections. For example, add the new account to the WirelessAccounts security group, which is specified in the network policy for wireless connections.
When user or computer accounts are deleted in Active Directory, no additional action is necessary to prevent wireless connections.
As needed, you can create additional universal groups and network policies to set wireless network access for different sets of users. For example, you can create a global WirelessAccessContractors group and a network policy that allows wireless connections to members of the WirelessAccessContractors group only during normal business hours or for access to specific intranet resources.
Managing Wireless APs
Once deployed, wireless APs do not need a lot of ongoing maintenance. Most of the ongoing changes to wireless AP configuration are due to managing wireless network capacity and changes in network infrastructure.
Adding a Wireless APTo add a wireless AP, do the following:
- Follow the design points and deployment steps in the "Deploying Wireless APs" section of this tutorial to add a new wireless AP to your wireless network.
- Add the wireless AP as a RADIUS client to your NPS servers.
When removing a wireless AP, update the configuration of your NPS servers to remove the wireless AP as a RADIUS client.
Configuration for Changes in NPS Servers
If the NPS servers change (for example, because of additions or removals of NPS servers on the intranet), you will need to do the following:
- Ensure that new NPS servers are configured with RADIUS clients corresponding to the wireless APs and with the appropriate network policies for wireless access.
- Update the configuration of the wireless APs for the new NPS server configuration as needed.
Updating Wireless XML Profiles
To update a wireless XML profile and apply it to your Windows Vista or Windows Server 2008 wireless clients, do the following:
- If you are using a Windows Vista or Windows Server 2008 wireless client or if you have a Windows Vista wireless policy, create an updated XML profile by running the netsh wlan export profile command.
- Execute the netsh wlan add profile command to import the XML profile on your wireless clients through a script or other method.
In this tutorial:
- IEEE 802.11 Wireless Networks
- Support for IEEE 802.11 Standards
- Wireless Security
- WPA
- Planning and Design Considerations
- Wireless Authentication Modes
- Intranet Infrastructure
- Wireless AP Placement
- Authentication Infrastructure
- Wireless Clients
- Windows Vista Wireless Policy
- Windows XP Wireless Policy
- Command-Line Configuration
- PKI
- 802.1X Enforcement with NAP
- Deploying Protected Wireless Access
- Configuring Active Directory for Accounts and Groups
- Deploying Wireless APs
- Configuring Wireless Clients
- Configuring and Deploying Wireless Profiles
- Maintenance for a Protected Wireless
- Troubleshooting Wireless Connections
- Network Diagnostics Framework Support for Wireless Connections
- Wireless Diagnostics Tracing
- NPS Event Logging
- Troubleshooting the Windows Wireless Client
- Troubleshooting the Wireless AP
- Common Wireless AP Problems
- Troubleshooting the Authentication Infrastructure
- Troubleshooting Certificate-Based Validation
- Troubleshooting Password-Based Validation