
Configure Wired Authentication for NAP in Group Policy

Updated: February 29, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Windows Server® 2008, Windows Vista®, Windows Server 2008 R2, and Windows 7 include enhancements like an extended Active Directory schema to support 802.1X authenticating switches for 802.3 wired Ethernet connections. For more information, see Active Directory Schema Extensions for Windows Vista Wireless and Wired Group Policy Enhancements at http://go.microsoft.com/fwlink/?LinkID=167840.

Membership in the local Domain Admins group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

Use the following procedure to deploy wired authentication settings to NAP client computers for use with NAP and 802.1X enforcement.

  1. On a domain controller or member server with the Group Policy Management feature installed, click Start, click Run, type gpmc.msc, and then press ENTER.

  2. In the Group Policy Management console tree, open Group Policy Objects, right-click the name of the GPO you want to edit, and then click Edit. The Group Policy Management Editor opens.

  3. In the Group Policy Management Editor tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Wired Network (IEEE 802.3) Policies.

  4. Right-click Wired Network (IEEE 802.3) Policies, and then click Create A New Windows Vista Policy.

  5. In New Vista Wired Network Policy Properties, on the General tab, under Policy Name, type a name for the policy (for example, NAP 802.1X Policy).

  6. Click the Security tab, under Select a network authentication method, verify that Microsoft: Protected EAP (PEAP) is selected, and then click Properties.

  7. In Protected EAP Properties, clear the Enable Fast Reconnect check box, and select the check box next to Enable Quarantine checks. See the following example.

  8. If you want to use EAP-TLS as an inner authentication method, under Select Authentication Method, choose Smart Card or other certificate from the drop-down list.

    Note
    It might be difficult to see the available authentication methods. The two choices available from the drop-down list are Secured password (EAP-MSCHAP v2) and Smart Card or other certificate.

  9. If you want to customize EAP-MSCHAP v2 or EAP-TLS properties, click Configure. For example, you can prompt the user for credentials by clearing the Automatically use my Windows logon name and password (and domain if any) check box in EAP MSCHAP v2 Properties.

  10. Click OK twice, and then close the Group Policy Management Editor.
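
To confirm on a NAP client that the GPO delivered the PEAP settings chosen in steps 6 through 8, the following added example (not part of the original procedure) checks a wired profile exported with netsh lan export profile. The function name Test-NapWiredProfile and the embedded sample XML are constructed for illustration; a real export contains more elements than the trimmed sample.

```powershell
# Constructed sample: the PEAP portion of a wired profile, trimmed to the
# elements this check reads. On a client, export the real profile with
#   netsh lan export profile folder=C:\Temp
$sample = @'
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
 <MSM><security><OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
  <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
   <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
    <Type>25</Type>
    <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
     <FastReconnect>false</FastReconnect>
     <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
      <Type>26</Type>
     </Eap>
     <EnableQuarantineChecks>true</EnableQuarantineChecks>
    </EapType>
   </Eap></Config>
  </EapHostConfig></EAPConfig>
 </OneX></security></MSM>
</LANProfile>
'@

function Test-NapWiredProfile {
    param([Parameter(Mandatory = $true)][xml]$ProfileXml)

    # Match on local-name() so the check does not depend on namespace prefixes.
    function Get-Text([string]$XPath) {
        $node = $ProfileXml.SelectSingleNode($XPath)
        if ($node) { $node.InnerText.Trim() } else { $null }
    }

    $peap  = "//*[local-name()='Config']/*[local-name()='Eap']"
    $outer = Get-Text "$peap/*[local-name()='Type']"     # 25 = PEAP
    $inner = Get-Text "$peap/*[local-name()='EapType']/*[local-name()='Eap']/*[local-name()='Type']"
    $fast  = Get-Text "$peap/*[local-name()='EapType']/*[local-name()='FastReconnect']"
    $quar  = Get-Text "$peap/*[local-name()='EapType']/*[local-name()='EnableQuarantineChecks']"

    # EAP type 26 = EAP-MSCHAP v2, 13 = EAP-TLS (Smart Card or other certificate)
    $innerOk = ('26', '13') -contains $inner
    New-Object PSObject -Property @{
        OuterIsPeap      = ($outer -eq '25')
        InnerEapType     = $inner
        FastReconnectOff = ($fast -eq 'false')   # step 7: Enable Fast Reconnect cleared
        QuarantineChecks = ($quar -eq 'true')    # step 7: Enable Quarantine checks selected
        Compliant        = ($outer -eq '25') -and $innerOk -and ($fast -eq 'false') -and ($quar -eq 'true')
    }
}

Test-NapWiredProfile -ProfileXml $sample | Format-List
```

A profile that lacks the FastReconnect or EnableQuarantineChecks element is reported as not compliant, because a missing value compares as not equal to the expected setting.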
