Wireless GPO

  • Wireless GPO

    Hi folks,

    I am implementing a Wireless solution at the moment as follows:

    (WPA2 Personal)

    Authentication - WPA2-PSK
    Encryption - AES

    Env background:
    Single AD domain running on Win 2003 sp1.

    I'm hoping to setup a wireless GPO to configure all the clients.
    So here is what I did.

    • Computer Config - Windows settings-Security settings- Wireless Network Policies
    • R click- Create Wireless Policy and followed the wizard.
    On the Preferred network added a new network and on the properties specified the relevant Authentication and encryption as WPA-PSK and AES respectively.
    Now, for some reason Enable IEEE 802.1x seems to be ticked and Grayed out.
    I leave those IEEE 802.1x options as the default ones and finish creating the policy.
    I notice that when I highlight the wireless policy I just created, a new button appears in the toolbar that says on mouse over: "Assign this policy, attempt to make it active"
    But nothing happens when I click that.
    When I check the policy setting the preferred networks section appears empty.

    Any ideas why the IEEE 802.1x is selected and grayed out by default, and
    what the "Assign this policy, attempt to make it active" button is?

    Any input will be appreciated.

    Cheers
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

  • #2
    Re: Wireless GPO

    I am just wondering whether a WPA2 Personal mode is supported at all via a GPO or am I missing something.

    Any pointers will be appreciated.


    • #3
      Re: Wireless GPO

      You can certainly use WPA with 802.1X, or WPA-PSK which would be the most secure option - not only would your users need to authenticate themselves, but also only approved machines (ie machines setup with the WPA key) could get on the network.

      I think the whole point behind it is that if you're setting up wireless connections through a GPO, then you would be setting up the connection to authenticate with RADIUS.

      FYI, you can setup a RADIUS server on Server 03 with Internet Authentication Service, which ties in nicely with Active Directory for authentication.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



      • #4
        Re: Wireless GPO

        Thanks for the input GI,

        Unfortunately I couldn't use the Enterprise mode which involves IEEE 802.1x authentication for reasons beyond my control, hence I'm settling for second best as far as "wireless security" is concerned.

        I've set up Enterprise mode with IAS successfully in my lab but I can't in the live env. because we haven't got a CA server in order to issue certificates.

        Ta


        • #5
          Re: Wireless GPO

          I think using certificates is optional? Don't quote me on that though.


          • #6
            Re: Wireless GPO

            Originally posted by gforceindustries:
            "I think using certificates is optional? Don't quote me on that though."

            It is but only on the client end.

            You can configure IAS on the Server end to accept PEAP username/password authentication, which basically means any user or computer who is allowed access as configured in the remote access policy and can authenticate will be able to connect.

            Using either Smart Card/Certificates or PEAP as the authentication method the server must identify itself with a certificate to the client though, so you need either a third party trusted certificate or your own CA.

            I used this guide:-
            http://articles.techrepublic.com.com...1-6148579.html
            to set it up and then tweaked the client and server settings so we have 2-way certificate authentication.
            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
            Cruachan's Blog
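
An added example, not code from any poster in this thread: a small audit of client wireless profiles that separates the two modes discussed above (WPA2-PSK versus 802.1X) and, for 802.1X, checks whether the client is set to verify the RADIUS server's certificate as post #6 describes. It assumes profiles in the XML layout written by `netsh wlan export profile` on Windows Vista and later, not the Server 2003 policy editor used in the thread; the sample profiles, the finding names and the thumbprint are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = "http://www.microsoft.com/networking/WLAN/profile/v1"

def profile(auth, onex, extra=""):
    """Build a constructed, trimmed profile in the `netsh wlan export profile` layout."""
    return (f'<WLANProfile xmlns="{NS}"><name>example</name><MSM><security>'
            f"<authEncryption><authentication>{auth}</authentication>"
            f"<encryption>AES</encryption><useOneX>{onex}</useOneX></authEncryption>"
            f"{extra}</security></MSM></WLANProfile>")

def peap(validate, root_ca):
    """Constructed PEAP settings; real exports nest these under more EAP elements."""
    return ("<OneX><EAPConfig><ServerValidation>"
            f"<TrustedRootCA>{root_ca}</TrustedRootCA></ServerValidation>"
            f"<PerformServerValidation>{validate}</PerformServerValidation>"
            "</EAPConfig></OneX>")

# Constructed sample inputs (no real keys or certificate thumbprints).
PSK = profile("WPA2PSK", "false", "<sharedKey><keyType>passPhrase</keyType></sharedKey>")
PEAP_LOOSE = profile("WPA2", "true", peap("false", ""))
PEAP_PINNED = profile("WPA2", "true", peap("true", "aa bb cc (placeholder thumbprint)"))

def values(root, name):
    """Text of every element with this local name, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit(xml_text):
    """Return (authentication mode, list of findings) for one profile."""
    root = ET.fromstring(xml_text)
    auth = values(root, "authentication")[0]
    findings = []
    if auth.endswith("PSK"):
        # One passphrase for every client: no per-user identity on the network.
        findings.append("PSK_SHARED_SECRET")
    elif values(root, "useOneX") == ["true"]:
        # 802.1X: the client should check the server certificate before
        # sending PEAP username/password credentials.
        if "false" in values(root, "PerformServerValidation"):
            findings.append("NO_SERVER_VALIDATION")
        if not any(values(root, "TrustedRootCA")):
            findings.append("NO_PINNED_ROOT_CA")
    return auth, findings

if __name__ == "__main__":
    for label, xml_text in [("psk", PSK), ("peap-loose", PEAP_LOOSE),
                            ("peap-pinned", PEAP_PINNED)]:
        print(label, audit(xml_text))
```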
