Using Group Policy to Configure Wireless Settings
In AD DS environments, you can use Group Policy settings to configure wireless network policies. For best results, you should have Windows Server 2003 SP1 or later installed on your domain controllers because Microsoft extended support for wireless Group Policy settings when they released SP1.
Before you can use Group Policy to configure wireless networks, you need to extend the AD DS schema using the 802.11Schema.ldf file included on this book's companion media. If you do not have access to the companion media, you can copy the schema file from http://technet.microsoft.com/en-us/library/bb727029.aspx. To extend the schema, follow these steps:
- Copy the 802.11Schema.ldf file to a folder on a domain controller.
- Log on to the domain controller with Domain Admin privileges and open a command prompt.
- Select the folder containing the 802.11Schema.ldf file and run the following command
(where Dist_Name_of_AD_Domain is the distinguished name of the AD DS
domain whose schema is being modified.
ldifde -i -v -k -f 802.11Schema.ldf -c DC=X Dist_Name_of_AD_Domain
- Restart the domain controller.
After you extend the schema, you can configure a wireless network policy by following these steps:
- Open the Active Directory GPO in the Group Policy Object Editor.
- Expand Computer Configuration, Windows Settings, Security Settings, and then click Wireless Network (IEEE 802.11) Policies.
- Right-click Wireless Network (IEEE 802.11) Policies and then click Create A New Windows Vista Policy. The Wireless Network Properties dialog box appears.
- To add an infrastructure network, click Add and then click Infrastructure to open the Connection tab of the New Profile Properties dialog box. In the Network Names list, click NEWSSID and then click Remove. Then, type a valid internal SSID in the Network Names box and click Add. Repeat this to configure multiple SSIDs for a single profile. If the network is hidden, select the Connect Even If The Network Is Not Broadcasting check box.
- On the New Profile Properties dialog box, click the Security tab. Use this tab to configure the wireless network authentication and encryption settings. Click OK.
Note This resource kit does not cover how to design wireless networks. However, you should avoid using Wired Equivalent Privacy (WEP) whenever possible. WEP is vulnerable to several different types of attack, and WEP keys can be difficult to change. Whenever possible, use WPA or WPA 2, which both use strong authentication and dynamic encryption keys. The settings described in the previous process will configure client computers to connect automatically to your internal wireless networks and to not connect to other wireless networks.
In this tutorial:
- Configuring Windows Networking
- Usability Improvements
- Network And Sharing Center
- Network Explorer
- How Windows Finds Network Resources
- How Windows Publishes Network Resources
- How Windows Creates the Network Map
- Network Map
- Set Up A Connection Or Network Wizard
- Manageability Improvements
- Network Location Types
- Policy-Based QoS
- Selecting DSCP Values
- Planning Traffic Throttling
- Configuring QoS Policies
- Configuring System-Wide QoS Settings
- Configuring Advanced QoS Settings
- Testing QoS
- Windows Firewall and IPsec
- Windows Connect Now in Windows 7
- Core Networking Improvements
- Networking BranchCache
- How Hosted Cache Works
- How Distributed Cache Works
- Configuring BranchCache
- BranchCache Protocols
- File Sharing Using SMB
- Web Browsing with HTTP (Including HTTPS)
- Efficient Networking
- What Causes Latency, How to Measure It, and How to Control It
- TCP Receive Window Scaling
- Scalable Networking
- Improved Reliability
- IPv6 Support
- 802.1X Network Authentication
- Server Message Block (SMB) 2.0
- Strong Host Model
- Wireless Networking
- Improved APIs
- Network Awareness
- Improved Peer Networking
- Services Used by Peer-to-Peer Networking
- Managing Peer-to-Peer Networking
- Peer-to-Peer Name Resolution
- EAP Host Architecture
- Layered Service Provider (LSP)
- Windows Sockets Direct Path for System Area Networks
- How to Configure Wireless Settings
- Configuring Wireless Settings Manually
- Using Group Policy to Configure Wireless Settings
- How to Configure TCP/IP
- Configuring IP Addresses Manually
- Command Line and Scripts
- How to Connect to AD DS Domains
- How to Connect to a Domain When 802.1X Authentication Is Not Enabled
- How to Connect to a Domain When 802.1X Authentication Is Enabled