New Profile Properties - Security

Applies To: Windows 7, Windows Server 2008 R2

You can use security settings that are provided in Wireless Network (IEEE 802.11) Policies to specify the authentication parameters that your wireless network clients use to initiate requests for 802.1X authenticated wireless access.

On the Security tab of New Wireless Network Policy Properties:

  • Security settings are separated into two groups of configuration items: Select the security methods for this network and Select a network authentication method.

  • You must enable WPA2-Enterprise, WPA-Enterprise, or Open with 802.1X to expose Extensible Authentication Protocol (EAP) authentication settings.

  • You must enable WPA2-Enterprise, WPA-Enterprise, WPA2-Personal or Open with 802.1X to access Advanced security settings. If you select WPA2-Personal, Perform cryptography in FIPS 140-2 certified mode is the only setting available for configuration.

  • Fast Roaming is a feature of WPA2-Enterprise. You must enable WPA2-Enterprise to expose the Fast Roaming settings on the Advanced security settings tab.

Security - configuration items

The network security method configuration items pertain to the authentication and security that the client uses to exchange data with the wireless access point.

The network authentication method configuration items pertain to the EAP method that is used for 802.1X authenticated network access.

Network security method - configuration items

Item Details

Authentication

Specifies the security authentication method to use when the wireless client associates with the wireless access point.

  • Open

  • Shared

  • WPA-Enterprise

  • WPA-Personal

  • WPA2-Enterprise

  • WPA2-Personal

  • Open with 802.1X

Default = the most secure setting supported by the wireless hardware and drivers.

Encryption

Specifies the security encryption to use for the selected network security authentication method.

If the Authentication is set to WPA-Enterprise, WPA-Personal, WPA2-Enterprise, or WPA2-Personal, the encryption options are AES (Advanced Encryption Standard) or TKIP (Temporal Key Integrity Protocol).

If Authentication is set to Open, Shared, or Open with 802.1X, then encryption options are either WEP (Wired Equivalent Privacy) or Disabled.

Network authentication method - configuration items

Item Details

Select a network authentication method

Specifies the network authentication method that connecting wireless clients use:

  • Microsoft: Smart Card or other certificate (EAP-TLS)

  • Microsoft: Protected EAP (PEAP), which, by default, supports both “Smart card or other certificates” and “MS-CHAP v2” authentication types.

Default = Protected EAP (PEAP) with MS-CHAP v2, and Windows logon credentials.

Properties

Opens the properties page of the selected network authentication method.

For information about the settings for each network authentication method, see Network Authentication Methods Properties.

Authentication Mode

Specifies how network authentication is performed:

  • User or Computer authentication. An 802.1X-compliant device always uses security credentials based on the current state of the computer. Authentication is performed by using the computer credentials when no users are logged on to the computer. When a user logs on to the computer, authentication is always performed by using the user credentials.

    This is the recommended setting.

  • Computer authentication. Authentication is always performed by using only the computer credentials.

  • User authentication. Specifies that when users are not logged on to the computer, authentication is performed by using the computer credentials. After a user logs on to the computer, authentication is still based on the computer credentials. Authentication is performed by using the user credentials if the user travels to a new wireless access point.

  • Guest authentication. Allows connections to the network which are regulated by the restrictions and permissions set for the Guest user account.

Default = User or Computer authentication

Max Authentication Failures

Specifies the maximum number of failed authentication attempts that can occur with a specific set of credentials before notification is displayed to indicate that authentication has failed.

Default = 1

Cache user information for subsequent connections to this network

Specifies that when the user logs off, the user credential data is saved in the registry. The next time the user logs on, the user is not prompted for their credentials (such as user name and password).

Default = enabled

Advanced

Provides access to advanced security settings.
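
The Authentication, Encryption and Authentication Mode settings described above can be checked in a WLAN profile XML file (for example one exported with netsh wlan export profile). The following audit script is an added example, not part of the original documentation. It assumes the WLAN profile v1 and OneX v1 XML schemas, uses a trimmed, constructed sample profile, and reports any encryption other than AES as an added judgement that the page itself does not make.

```python
import xml.etree.ElementTree as ET

WLAN = "{http://www.microsoft.com/networking/WLAN/profile/v1}"
ONEX = "{http://www.microsoft.com/networking/OneX/v1}"

# (authentication, useOneX) in the profile XML -> Authentication name on the Security tab
UI_AUTH = {
    ("open", False): "Open", ("shared", False): "Shared",
    ("open", True): "Open with 802.1X",
    ("WPA", True): "WPA-Enterprise", ("WPAPSK", False): "WPA-Personal",
    ("WPA2", True): "WPA2-Enterprise", ("WPA2PSK", False): "WPA2-Personal",
}

# Constructed, trimmed profile used only for this demo (real exports carry more elements).
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>constructed-example</name>
 <MSM><security>
  <authEncryption><authentication>{auth}</authentication>
   <encryption>{enc}</encryption><useOneX>{onex}</useOneX></authEncryption>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>{mode}</authMode></OneX>
 </security></MSM>
</WLANProfile>"""

def audit(profile_xml):
    """Return (Security-tab authentication name or None, list of findings)."""
    root = ET.fromstring(profile_xml)
    ae = root.find(f".//{WLAN}authEncryption")
    auth = ae.findtext(f"{WLAN}authentication", "").strip()
    enc = ae.findtext(f"{WLAN}encryption", "").strip()
    onex = ae.findtext(f"{WLAN}useOneX", "false").strip().lower() == "true"
    findings = []
    ui = UI_AUTH.get((auth, onex))
    if ui is None:
        findings.append(f"authentication={auth} useOneX={onex} is not a Security tab option")
    else:
        # Pairing rule from the Encryption row: WPA/WPA2 -> AES or TKIP, otherwise WEP or disabled.
        allowed = {"AES", "TKIP"} if auth.startswith("WPA") else {"WEP", "none"}
        if enc not in allowed:
            findings.append(f"{ui} does not offer encryption {enc}")
    if enc != "AES":
        findings.append(f"encryption is {enc}, not AES")
    mode = root.findtext(f".//{ONEX}authMode")
    if onex and mode and mode.strip() != "machineOrUser":
        findings.append(f"authMode {mode.strip()} is not the recommended User or Computer authentication")
    return ui, findings

if __name__ == "__main__":
    for args in [("WPA2", "AES", "true", "machineOrUser"), ("open", "WEP", "true", "user"),
                 ("WPA2PSK", "WEP", "false", "machineOrUser")]:
        xml = TEMPLATE.format(auth=args[0], enc=args[1], onex=args[2], mode=args[3])
        print(args, audit(xml))
```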