Managing the Windows XP-based Wireless Network Policies
Updated: May 9, 2012
Applies To: Windows Server 2012
Wireless network settings in the Wireless Network (IEEE 802.11) Policies Group Policy extension include global wireless settings, the list of preferred networks, Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) settings, and Institute of Electrical and Electronics Engineers (IEEE) 802.1X settings. These settings encompass all of the items on the Association and Authentication tabs in the Wireless Network (IEEE 802.11) Policies to configure wireless network access for client running Windows®°XP with Service°Pack°(SP)°2, Windows°XP with SP1, or Windows°Server®°2003.
This topic contains the following sections:
XP Policy Name
Provides a location for you to type a friendly name for the wireless network policy.
Provides a location for you to type a description for the wireless policy.
Networks to access
Specifies the types of wireless networks with which the wireless client is allowed to create connections:
Use Windows WLAN Auto Config service for clients
Enables the Wireless Zero Configuration service. When enabled, the Wireless Zero Configuration service is used to configure and connect clients running Windows°XP to wireless networks.
Automatically connect to non-preferred networks
Specifies that wireless clients can attempt to automatically connect to wireless networks that are not configured as preferred networks.
If selected, your domain-member wireless clients can connect to a non-preferred network after first attempting to connect to preferred networks.
IEEE 802.1X settings specify the behavior of wireless clients when connecting to an infrastructure wireless network that is configured for 802.1X authentication. Settings include authentication methods, (such as Extensible Authentication Protocol (EAP), authentication mode, and 802.1X-specific parameters.
Enable network access control using IEEE 802.1X
Specifies whether you want to use Institute of Electrical and Electronics Engineers (IEEE) 802.1X to perform authentication for your wireless network. If you clear this check box, all of the other settings on this tab become unavailable.
Specifies the network authentication method that connecting wireless clients use.
Default = Protected EAP (PEAP)
Opens the properties page of the selected network authentication method.
For setting information for network authentication methods, see:
EAPOL is the Extensible Authentication Protocol (EAP) over local area network (LAN) protocol.
This setting specifies the transmission behavior of the EAPOL-Start message when authenticating. You can select from the following:
Specifies how credentials are used for network authentication. The following options are available.
Default = User re-authentication
Authenticate as computer when computer information is available
Specifies whether the computer will attempt to authenticate using computer credentials when the user is not logged on.
Computer credentials are typically a computer certificate.
Default = Enabled
Authenticate as guest when user or computer information is unavailable
Specifies that client connection requests that cannot meet computer or user authentication requirements can connect to the network by using permissions configured for the Guest account.
Default = Not enabled
Max Eapol-Start Msgs
If no response is received to the original EAPOL-Start message, this setting specifies the maximum number of subsequent EAPOL-Start messages sent.
Default = 3
After a client has received notification of authentication failure, this setting specifies the number of seconds an authenticating client waits before it performs another 802.1X authentication request.
Default = 60
If no response is received to the original EAPOL-Start message, this setting specifies the number of seconds between the retransmission of subsequent EAPOL-Start messages.
Default = 5
After end-to-end 802.1X authentication is initiated, this setting specifies the number of seconds authenticating clients must wait before retransmitting any 802.1X requests.
Default = 30
You can use the Wireless Network (IEEE 802.11) Policy for Windows°XP clients to specify the name of the wireless network, network security authentication, such as Wi-Fi Protected Access 2 (WPA2), and Fast Roaming features.
Network Name (SSID)
Provides a location for you to type the wireless LAN network name, also known as the Service Set Identifier (SSID).
Provides a location for you to type a description of the wireless LAN network.
Connect even if network is not broadcasting
Specifies that wireless clients will actively probe for wireless access points with the specified SSID, if wireless access points are configured to suppress beacon broadcasts.
Specifies the security authentication method that is used between the wireless access point and the wireless client.
Default = Defaults to the most secure setting supported by the wireless hardware and drivers.
Specifies the security encryption to use for the selected network security authentication method.
If Authentication is set to WPA-Enterprise, WPA-Personal, WPA2-Enterprise, or WPA2-Personal, the encryption options are AES or TKIP.
If Authentication is set to Open, Shared, or Open with 802.1X, then encryption options are WEP or Disabled.
Enable Pairwise Master Key (PMK) Caching
Specifies that Pairwise Master Key (PMK) Caching is used for WPA2 Fast Roaming.
PMK Time to Live (Minutes)
Specifies the duration, in minutes, the PMK is held in cache.
Default = 720
Number of Entries in PMK Cache
Specifies the maximum number of PMK entries that are stored in cache.
Default = 128
This network uses pre-authentication
Specifies that pre-authentication is used for WPA2 Fast Roaming.
Pre-authentication enables WPA2 wireless clients that are connected to one wireless AP to perform 802.1X authentication with other wireless APs within its range. Pre-authentication stores the PMK and its associated information in the PMK cache. When the wireless client connects to a wireless AP with which it has pre-authenticated, it uses the cached PMK information to reduce the time required to authenticate and connect.
Default = Enabled
Maximum Pre-authentication attempts
Specifies the maximum allowed pre-authentication attempts.
This setting is available only when This network uses pre-authentication is selected.
Default = 3
You can use the settings on the Preferred Networks tab to add wireless networks, by name, to a prioritized list. That list specifies the order in which your domain-member wireless clients will attempt to connect to wireless networks.
If a client cannot connect to a preferred wireless network, and the wireless network is configured to prevent automatic connection to wireless networks that are not in the preferred list (the default), then the Wireless Zero Configuration service places the wireless network adapter in infrastructure mode using a random wireless network name. At this point, the wireless adapter is not connected to any wireless networks and continues to scan for preferred wireless networks.
Displays the prioritized list of preferred wireless networks. General profile information, such as Service Set Identifier (SSID), IEEE 802.1X status Enabled or Disabled, and encryption type, is displayed.
Allows you to add a wireless network profile, and specify the profile properties.
When you click Add, you will be presented with two options:
Allows you to change the configuration settings for the selected preferred wireless network profile.
Deletes the selected network from the list of preferred networks.
Moves a selected network to a higher connection priority in the list of preferred networks.
Moves a selected network to a lower connection priority in the list of preferred networks.