Checklist: Enhance Wireless Network Security by Requiring Certificates for Authentication and Encryption

Applies To: Windows Server 2008

Wireless networks make it possible for network users to access data and resources from multiple locations without relying on a physical connection to the network. The large number and variety of wireless clients and the potential security risks that they pose make it important for administrators to enhance data protection and to prevent unwanted clients from accessing the network. Certificates issued and supported by a Microsoft certification authority (CA) can enhance the security of a wireless network with strong certificate-based authentication and encrypted communication between clients and network servers.


Task Reference

Set up additional subordinate CAs. (Optional)

Install a Subordinate Certification Authority

Install and configure certificate templates, including the RAS and IAS Server, Workstation Authentication, and User certificate templates.

Managing Certificate Templates

Configure certificate enrollment.

Set Up Automatic Certificate Enrollment

Deploy RAS and IAS Server certificates.

Deploy a CA and NPS Server Certificate

Configure 802.1X wireless clients by using Group Policy.

Configure 802.1X Wireless Clients Running Windows Vista with Group Policy

Configure 802.1X wireless access points as Remote Authentication Dial-In User Service (RADIUS) clients in Network Policy Server (NPS).

Add a New RADIUS Client

If you want to perform authorization by group, create a user group in Active Directory Domain Services (AD DS) that contains the users who are allowed to access the network through the wireless access points.

Create a Group for a Network Policy

In NPS, configure one or more network policies for 802.1X wireless access.

Add a Network Policy

Create policies for 802.1X Wired or Wireless with a Wizard

Community Additions