Creating, modifying, and assigning Active Directory-based wireless network policies

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Wireless network settings can be configured locally, by users on client computers, or centrally. To enhance the deployment and administration of wireless networks, you can use Group Policy to create, modify, and assign wireless network policies centrally for Active Directory clients. When you use Group Policy to define wireless network policies, you can specify whether clients can use Windows to configure wireless network connection settings, whether to enable 802.1X authentication for wireless network connections, and the preferred wireless networks that clients can connect to.

When you assign an Active Directory-based wireless network policy, the policy is stored in Active Directory and it is cached in the registry on the local computer. If a computer is temporarily disconnected from a Windows 2000 or a Windows Server 2003 domain, the Active Directory policy that is cached in the local registry is applied instead, if such a policy has been cached.

A Group Policy object defines access, configuration, and usage settings for accounts and resources. Wireless network policies can be assigned to the Group Policy object of a site, domain, or organizational unit. When the wireless network policy is applied to one of the Group Policy objects for the Active Directory object, the wireless network policy is propagated to any computer accounts that are affected by that Group Policy object. For more information, see Group Policy overview.

When assigning a wireless network policy in Active Directory, consider the following:

  • Only a single wireless network policy can be assigned at a specific level in Active Directory.

  • A wireless network policy that is assigned for the domain takes precedence over local wireless network settings on a client computer, when a client computer is a member of the domain.

  • A wireless network policy that is assigned to an organizational unit in Active Directory takes precedence over a domain-level policy for members of that organizational unit.

  • An organizational unit inherits the policy of its parent organizational unit unless either policy inheritance is explicitly blocked or a policy is explicitly assigned to it.

  • The highest possible level of the Active Directory hierarchy should be used to assign policies to reduce the amount of configuration and administration required.
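
The precedence rules above can be checked against a planned directory layout before policies are assigned. The following Python model is an added example, not Microsoft code: the `Container` class, the function names, and the sample tree are constructed for illustration. It assumes that local client settings apply when no directory policy reaches a computer, and it does not model enforced (No Override) links.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Container:
    """A domain or organizational unit in a constructed directory tree."""
    name: str
    parent: Optional["Container"] = None
    wireless_policy: Optional[str] = None  # only one policy per level
    block_inheritance: bool = False


def directory_policy(start: Container) -> Optional[Tuple[str, str]]:
    """Return (policy, assigning container) for a computer located in `start`."""
    node = start
    while node is not None:
        if node.wireless_policy is not None:
            return node.wireless_policy, node.name  # nearest assignment wins
        if node.block_inheritance:
            return None  # nothing is inherited from the levels above
        node = node.parent
    return None


def effective_policy(start: Container, domain_reachable: bool = True,
                     cached: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Return (source, policy); a policy of None means local settings apply."""
    if not domain_reachable:
        # Disconnected from the domain: the registry-cached copy is applied,
        # if one exists. Falling back to local settings is an assumption.
        return ("cached", cached) if cached else ("local", None)
    found = directory_policy(start)
    return (found[1], found[0]) if found else ("local", None)


def unmanaged(containers: List[Container]) -> List[str]:
    """Names of containers whose computers receive no directory policy."""
    return [c.name for c in containers if directory_policy(c) is None]


# Constructed sample tree: a domain policy, one OU override, one blocked OU.
domain = Container("example.test", wireless_policy="Corp-8021X")
branch = Container("OU=Branch", parent=domain)
kiosk = Container("OU=Kiosk", parent=branch, wireless_policy="Kiosk-Only")
lab = Container("OU=Lab", parent=branch, block_inheritance=True)
bench = Container("OU=Bench", parent=lab)

if __name__ == "__main__":
    for c in (branch, kiosk, lab, bench):
        print(c.name, effective_policy(c))
    print("No central wireless policy:", unmanaged([domain, branch, kiosk, lab, bench]))
```

Computers in `OU=Lab` and its child `OU=Bench` fall back to local wireless settings, which is the case to look for when 802.1X is meant to be enforced centrally.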

For information about how to define Active Directory-based wireless network policies, see Define Active Directory-based Wireless Network Policies.

Note

  • The integration of IPSec policies with Active Directory described here does not apply to computers running Windows XP Home Edition. You cannot administer Active Directory-based IPSec policy from a computer running Windows XP Home Edition because these computers cannot join Active Directory domains.