Configuring Wireless Network Policies

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Wireless network settings can be configured locally, by users on client computers, or centrally. To enhance the deployment and administration of wireless networks, you can use Group Policy to centrally create, modify, and assign wireless network policies for Active Directory clients. When you use Group Policy to define wireless network policies, you can configure wireless network connection settings, enable IEEE 802.1X authentication for wireless network connections, and specify the preferred wireless networks that clients can connect to. When you create and configure wireless policies, you have the options that are described in Table 4.4. For more information about configuring wireless policies, see "Define Active Directory-based wireless network policies" in Help and Support Center for Windows Server 2003.

Table 4.4   Configuration Settings for General Policy

Options Comments

Name

Name of the policy. Use a unique and descriptive name of up to 255 characters that easily identifies the policy.

Check for policy changes every

Specifies, in minutes, how often to poll Active Directory for changes to this policy. Applies only to computers that are members of an Active Directory domain. The default is 180 minutes.

Network to access

  • Any available network (access point preferred)

  • Access point (infrastructure) networks only

  • Computer-to-computer (ad hoc) networks only

Specifies the types of IEEE 802.11 wireless networks that are available for clients to try to connect to.

Use Windows to configure my wireless network settings

Specifies whether client settings are automatically configured for IEEE 802.11 wireless network connections.

Automatically connect to non-preferred networks

Specifies whether clients can try to connect to any available IEEE 802.11 wireless networks that are within range.

Network authentication services

The IEEE 802.11–supported network authentication services provide open system and shared key authentication. Open system authentication permits any wireless device to associate with an access point. Shared key authentication requires a network key to be used. For security reasons, shared key authentication is not recommended. Instead, open system authentication used in conjunction with 802.1X authentication is recommended.

Network keys

When you enable WEP, you can require that a network key be used for encryption. You can specify a key (by typing a key in the Network key text box when you configure the wireless connection). If you specify a key, you can also provide its location in the Key index text box (on the Properties page for Wireless Network Connections). Table 4.5 includes descriptions of the configuration settings for requiring network keys.

Table 4.5   Configuration Settings for Preferred Networks

Options Comments

Networks

Lists the IEEE 802.11 wireless networks to which clients can try to connect. Use the Move Up and Move Down buttons to prioritize the list. Use the Add button to add a new wireless network. You can also edit properties of a network by using the Edit button, or use the Remove option to remove an entry from the list.

Network name (SSID)

Specifies the name of the wireless network. Under the IEEE 802.11 standard, the network name is also known as the Service Set Identifier (SSID).

Description

Provides a description for the specified wireless network. Use a unique description of up to 255 characters.

Wireless network key (WEP)

  • Data encryption (WEP enabled)

  • Network authentication (Shared mode)

  • The key is provided automatically

  • Data encryption (WEP enabled) specifies that a network key is used to encrypt the data that is sent over the network.

  • Network authentication (Shared mode) specifies that a network key is used for authentication to the wireless network.

  • The key is provided automatically specifies that a network key is automatically provided for clients.

This is a computer-to-computer (ad hoc) network; wireless access points are not used

Specifies whether this preferred network is a computer-to-computer ad hoc network. If this check box is not selected, this network is an access point (infrastructure) network.

IEEE 802.1X authentication

To provide user and computer identification, centralized authentication, and dynamic key management, you can enable IEEE 802.1X authentication.

You can use Group Policy to create a wireless configuration policy to configure IEEE 802.11 and IEEE 802.1X values. Table 4.6 and Table 4.7 list the wireless network policy settings that you can specify.

Table 4.6   Wireless Network (IEEE 802.11) Policy Settings

Options Comments

Enable network access control using IEEE 802.1X

Specifies that 802.1X authentication is used when clients connect to an 802.11 wireless network.

EAPOL-Start message

  • Do not transmit

  • Transmit

  • Transmit per IEEE 802.1X

Specifies how Extensible Authentication Protocol over LAN (EAPOL) Start messages are transmitted.

Table 4.7   Wireless Network (IEEE 802.1X) Authentication Settings

Options Comments

Parameters (seconds):

  • Max start

  • Held period

  • Start period

  • Authentication period

Default Max start value is 3 seconds.

Default Held period is 60 seconds.

Default Start period is 60 seconds.

Default Authentication period is 30 seconds.

EAP type:

  • Smart card or other certificate

  • Protected Extensible Authentication Protocol (PEAP)

Click Settings to specify the options to use when connecting, including: using a smart card or certificate on the computer; validating server certificate; specifying which servers to connect to; Trusted Root Certification Authorities; viewing certificates; and selecting and configuring an authentication method.

Authenticate as guest when user or computer information is unavailable

Specifies whether clients attempt authentication to the wireless network as guests when user or computer information is not available.

Authenticate as computer when computer information is available

Specifies whether client computers must attempt authentication to the wireless network when a user is not logged on. The default setting is Enabled.

Computer authentication:

  • With user authentication

  • With user re-authentication

  • Computer only

It is recommended that you select With user re-authentication. When this option is selected, authentication is performed by using the computer credentials when no user is logged on to the computer. After a user logs on to the computer, authentication is performed by using the user credentials. When the user logs off the computer, authentication is performed by using the computer credentials again.
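The four timer parameters in Table 4.7 are easier to reason about when their interaction is played out. The following is an added example (not code from the original document or from Windows) that simulates one pass of an IEEE 802.1X supplicant against a constructed authenticator, using the Table 4.7 names and defaults; the meaning of each timer, and the treatment of Max start as a count of EAPOL-Start messages, follow the IEEE 802.1X-2001 supplicant PAE state machine, which the Windows supplicant is assumed here to implement.

```python
"""Simulated IEEE 802.1X supplicant timers (added example; not Windows code)."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class SupplicantTimers:
    # Names and defaults follow Table 4.7; semantics follow the IEEE 802.1X-2001
    # supplicant PAE state machine (assumed to match the Windows supplicant).
    max_start: int = 3       # EAPOL-Start messages sent before assuming no authenticator
    start_period: int = 60   # seconds between successive EAPOL-Start messages
    held_period: int = 60    # seconds to hold off after an EAP-Failure
    auth_period: int = 30    # seconds to wait for the authenticator's next message


def no_authenticator_delay(t: SupplicantTimers) -> int:
    """Seconds until the supplicant stops sending EAPOL-Start and concludes that
    no authenticator is present (max_start messages, start_period apart)."""
    return t.max_start * t.start_period


def simulate(t: SupplicantTimers, reply_after: Optional[int],
             eap_result: str) -> Tuple[str, int]:
    """Run one pass of the supplicant state machine and return
    (state_entered, simulated_clock_when_the_supplicant_next_acts).

    reply_after : seconds after association at which the constructed authenticator
                  answers an EAPOL-Start with EAP-Request/Identity; None = never.
    eap_result  : "success", "failure", or "silent" (authenticator stops replying
                  during the EAP exchange). The exchange itself takes 0s here.
    """
    clock = 0
    for _ in range(t.max_start):                 # CONNECTING: send EAPOL-Start
        if reply_after is not None and reply_after < clock + t.start_period:
            clock = max(clock, reply_after)      # reply arrives before the next Start
            break
        clock += t.start_period                  # startWhen expired, send again
    else:
        # No answer to any EAPOL-Start: 802.1X-2001 moves the supplicant to
        # AUTHENTICATED as if no access control were in force, so a plain
        # 802.11 association with a non-802.1X access point still works.
        return "AUTHENTICATED_no_authenticator", clock
    if eap_result == "success":                  # EAP-Success -> AUTHENTICATED
        return "AUTHENTICATED", clock
    if eap_result == "failure":                  # EAP-Failure -> HELD, then retry
        return "HELD", clock + t.held_period
    # Authenticator went quiet: authWhile expires after auth_period and the
    # supplicant returns to CONNECTING to start over with a new EAPOL-Start.
    return "CONNECTING", clock + t.auth_period
```

With the defaults, a client that never hears from an authenticator spends 3 x 60 = 180 seconds sending EAPOL-Start before giving up, and a rejected client waits 60 seconds in HELD before it tries again.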