What Is Wireless Network Policies Extension?

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

What Is Wireless Network Policies Extension?

This section describes the Wireless Network Policies Extension. On computers running Microsoft Windows Server 2003 Active Directory, domain administrators use the Wireless Network Policies Extension to automate wireless Group Policy management. The Wireless Network Policies Extension is one of the Group Policy client-side extensions that “plug” into the Group Policy infrastructure.

Wireless Network Policies Extension is one of the general classes of Group Policy settings that are implemented as extensions to the operating system. These extensions are packaged as DLLs, and exist as two types of extensions:

  • MMC snap-in—An administration and configuration extension that runs on the server.

  • Client-Side Extension—An extension that interprets and applies the MMC type settings to the target system (client), and which runs on the client.

The following figure shows an overview of a wireless network. The MMC snap-in fits in the Directory box on the server, and the CSE fits in the Wireless Client box.

Wireless Network Overview

Wireless Network Overview

Organizations need a way to centrally manage wireless Group Policy configuration for multiple users. The administrator needs to make specific wireless Group Policy decisions, including:

  • Group Policy object (GPO) application criteria.

  • Number of GPOs required.

  • Location of GPOs.

  • Number of Wireless LAN (WLAN) profiles required.

The Wireless Network Policies Extension provides central wireless Group Policy management that includes:

  • Active Directory-based group filtering to provide Wireless Network Policy to a single computer global group.

  • A single GPO Wireless Network Policy.

  • A single GPO created and applied from the ForestRootDomain object.

  • A single WLAN profile configured for 802.1x-compliant organizations. For multiple profiles, you have the option to support a phased migration from a legacy production WLAN.

This solution implementation is seen in the following figure. The figure shows the Group Policy Object Editor for a GPO, named gpo_Name. The Wireless Network (IEEE 802.11) Policies node contains a single wireless policy, named GPfield. It is from this central location that you implement the above wireless Group Policy solution.

Group Policy Object Editor for the gpo_Name GPO

Group Policy Object Editor for the gpo_Name GPO

You can use the Wireless Network Policies Extension to configure Active Directory-based Group Policy configurations for client computers. Specifically, the Wireless Network Policies Extension enables you to:

  • Make wireless network Group Policy settings to protect a wireless network from unauthorized access by client computers with a compatible WLAN adapter.

  • Protect data transferred over the wireless network, based on Group Policy settings.

  • Make wireless network Group Policy settings to implement either certificate-based or password-based authentication for client computers accessing the wireless network.

  • Configure Group Policy to add User authentication to computer authentication, ensuring round-the-clock network availability.

This Group Policy affects wireless client interaction between wireless Access Points (AP), the RADIUS server, and other wireless networks.