Expanding Your WLAN Test Deployment

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After successfully deploying and testing a simple wireless network, you can add more complex features — such as Group Policy settings to more easily deploy and manage wireless clients, and a three-tier CA infrastructure to provide greater security for your enterprise WLAN.

Each time that you add a new component or feature, test your new deployment before expanding your test deployment further.

Configuring Group Policy Settings

For your initial test deployment, you configured your wireless clients without creating the Active Directory-based wireless network policies that enable you to preconfigure and replicate the wireless client configuration to all wireless clients. Wireless network policies are created by configuring Wireless Network (IEEE 802.11) Policies settings in Group Policy.

In addition, you did not use Group Policy to configure autoenrollment, which enables you to install certificates for the wireless clients automatically.

Instead, you manually configured some of the wireless client settings and used the Certificates console on the client computer to request the computer certificate. (Alternatively, you could have used Web enrollment to request the user or computer certificate.)

However, in your production WLAN deployment, you will want to use Group Policy to provide easier deployment and management of wireless clients and to enable autoenrollment for the installation of the certificates. Before embarking on an enterprise deployment of your WLAN, configure and test Group Policy settings to enable these features.

Note

  • To support automatic computer certificate allocation, the issuing CA must be an enterpise CA server running either Windows 2000 or Windows Server 2003. To support automatic user and computer certificate allocation, the issuing CA must be an enterpise CA server running either Windows Server 2003, Enterprise Edition or Windows Server 2003, Data Center Edition.

When you configure Group Policy settings to support your WLAN, decide whether you want to manage wireless connections through the domain or create a separate organizational unit (OU) for this purpose. Using an OU might be more efficient than entering Group Policy settings for the domain, which includes both wired and wireless clients.

Note

  • If you need to force a Group Policy update on the wireless client during your testing, you can use Gpupdate command-line tool. For Gpupdate parameters, see "Command-line reference" in Help and Support Center for Windows Server 2003.

For more information about:

Installing a Three-Tier CA

When you deploy your enterprise WLAN, it is recommended that you provide the extra security of a three-tier certificate infrastructure in which the root CA is offline. Therefore, after you finish deploying and testing your WLAN test environment with a single-tier CA, and then introducing Group Policies and retesting, it is a good practice to install a test version of the CA infrastructure that you plan to implement in your enterprise environment in your lab before doing so in your production environment.

For information about designing and deploying a certificate infrastructure, see "Designing a Public Key Infrastructure" in Designing and Deploying Directory and Security Services.