If wireless network configuration settings have been defined both on the local computer (by the user) and in a GPO that affects that computer, the wireless network settings are merged, and the user cannot change the Group Policy wireless network settings. One exception to this rule is the Wired Equivalent Privacy (WEP) key. The user also cannot change the order in which the settings are applied. The wireless networks can be access point (infrastructure) or computer-to-computer (ad hoc) networks. The merging process and order of precedence occur according to the following rules:
-
Infrastructure networks always have higher precedence than ad hoc networks.
-
Group Policy overrides user-defined policy, and the wireless network policy configurations have the highest precedence of their respective group of configurations (infrastructure or ad hoc).
For example, an administrator might define a GPO with the following wireless configuration settings, and then select The key is provided for me automatically option:
-
Service Set Identifier (SSID): any
-
Network type: either infrastructure or ad hoc
-
Authentication mode: either open or shared
-
Encryption: WEP
In this case, the user can clear the The key is provided for me automatically check box,and type in different key information because WEP key configuration can be changed locally.
Example: Preferred Network Precedence
This example illustrates how the merging and ordering process occurs. The client computer is a member of WirelessClientsOU. A GPO named WirelessConfigGPO is assigned to WirelessClientsOU,and the GPO defines the following list of preferred networks:
-
Infrastructure network Ip1
-
Infrastructure network Ip2
-
Ad hoc network Ap1
-
Ad hoc network Ap2
The client computer has this list of user-defined preferred networks (local):
-
Infrastructure network Iu1, which is user defined and the same network as Ip1.
-
Infrastructure network Iu2, which is user defined and the same network as Ip2.
-
Infrastructure network Iu3.
-
Ad hoc network Au2, which is the same network as Ap2.
-
Ad hoc network Au3.
When the GPO is applied to that client, the resulting list of preferred networks is merged in the following order: Ip1, Ip2, Iu3, Ap1, Ap2, and Au3. This occurs because infrastructure networks take precedence over ad hoc networks and because settings in the OU take precedence over local settings. For example, Ip1 and Iu1 are the same network with different configurations; Ip1 is configured by a Group Policy, and Iu1 is configured locally.
For more information, see "Define Wireless Network Policies on a Client Computer" and "Define Active Directory–based wireless network policies" in Help and Support Center for Windows Server 2003.
Multiple GPOs
If a computer is subject to multiple GPOs that contain wireless network policies, the wireless settings that are defined in the GPO associated with the Active Directory container closest to the computer object takes precedence. Those settings will override the settings that are assigned to a higher level Active Directory container. In this case, the settings are not merged. For example, a client is a member of OU1 in the Redmond domain, and the following GPOs are being used:
-
GPOA. This GPO defines wireless network policies and is assigned to the Redmond domain.
-
GPO1. This GPO contains wireless policy settings and is assigned to OU1. The client is a member of this OU.
When the GPO list for this client is processed, the GPO1 wireless network settings take precedence and are in effect for this computer. The settings are not merged.