Define preferred wireless networks in Group Policy

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To define preferred wireless networks in Group Policy

  1. In Wireless Network (IEEE 802.11) Policies, double-click the wireless network policy that you want to configure.

  2. On the Preferred Networks tab, choose whether to add a new preferred wireless network or edit or remove an existing one:

    • To add a new preferred wireless network, click Add.

    • To edit an existing preferred wireless network, click Edit.

    • To remove an existing preferred wireless network, click Remove.

  3. If you are adding or editing a preferred wireless network, in Properties, click the Network Properties tab, and then do any of the following:

    • To name the preferred wireless network or to change the existing name, type a unique name in Name.

    • To provide a description of the preferred wireless network, such as the type of network, whether a network key is required, and whether IEEE 802.1X authentication is enabled, type a description in Description.

    • If a network key is required to connect to the preferred wireless network, do the following:

      To specify that a network key is used for authentication to the wireless network, from the drop-down list in Network authentication, select one of the following:

      • Shared

      • WPA

      • WPA-PSK

      If you do not select this check box, open system authentication is used. For more information, see Notes.

      To specify that a network key is used to encrypt the data that is sent over the network, from the drop-down list in Data encryption, select one of the following:

      For Shared, select one of the following:

      • Disabled

      • WEP

      For WPA, select one of the following:

      • WEP

      • TKIP

      • AES

      For WPA-PSK, select one of the following:

      • WEP

      • TKIP

      • AES

      Note

      By default, Data encryption, WEP is selected.

      To specify that a network key is automatically provided for clients (for example, if you are using 802.1X for dynamic key distribution), select the The key is provided automatically check box.

    • If the preferred wireless network connection that you are configuring is to a computer-to-computer (ad hoc) network, select the This is a computer-to-computer (ad hoc) network; wireless access points are not used check box.

  4. To specify that 802.1X authentication is used for the preferred wireless network connection, click the IEEE 802.1x tab, and then configure settings as needed. For more information, see Related Topics.

Important

  • It is highly recommended that you use 802.1X authentication whenever you connect to an 802.11 wireless network. 802.1X is an IEEE standard that enhances security and deployment by providing support for centralized user identification, authentication, dynamic key management, and accounting. For information about how to define 802.1X authentication settings in Group Policy, see Related Topics.

Important

  • For enhanced security, in Windows XP Service Pack 1 and in the Windows Server 2003 family, 802.1X authentication is available only for access point (infrastructure) networks that require the use of a network key (WEP). WEP provides data confidentiality by encrypting the data that is sent between wireless clients and wireless access points. For additional information about security for wireless networks, see Related Topics.

Important

  • For enhanced security and connectivity, do not select the Network authentication (Shared mode) check box. When this check box is selected, shared key authentication is used, rather than open system authentication. Shared key authentication is less secure than open system authentication because it requires the exchange of a secret key that is shared by all wireless access points and clients and therefore is more vulnerable to known-text attacks. In addition, if you select this check box for a wireless network that has multiple wireless access points, clients will lose network connectivity when they travel from one wireless access point to a new wireless access point.

Notes

  • To perform this procedure, you must be a member of the Domain Admins group in Active Directory, or you must have permission to edit Group Policy objects (for more information, see Related Topics). As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Wireless Network (IEEE 802.11) Policies, you must access Active Directory-based wireless network policies. For more information, see Related Topics.

  • WPA includes two modes: one using 802.1X and RADIUS authentication, which is simply known as WPA, and another, simpler scheme for SOHO environments using a pre-shared key (known as WPA-PSK). For environments with a RADIUS infrastructure, WPA supports EAP and RADIUS.

  • Although WPA support is now mandatory for all Wi-Fi certified hardware, existing network equipment that is not WPA-compliant must be upgraded to support WPA.

  • Support for Wireless Policy Group Policy controlled settings is not available in Windows Server operating systems before Windows Server 2003 with Service Pack 1 (SP1). There is no way to script WLAN settings for Windows XP without Windows Server 2003 SP1.

  • If the Network authentication (Shared mode) check box is not selected (that is, if open system authentication is used), no authentication is provided. Open system authentication only performs identity verification.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Add, edit, or remove Active Directory-based wireless network policies
Access Active Directory-based wireless network policies
Define 802.1X authentication for wireless networks in Group Policy
Configuring wireless network settings on client computers
Security information for wireless networks
Understanding 802.1X authentication for wireless networks
Group Policy (pre-GPMC)