Centrally Manage Wired Client Security and Connectivity Settings

Applies To: Windows Server 2008, Windows Server 2008 R2

Depending on the organization, the number of computers on a network can range from just a few to hundreds or more. On small networks, it is possible to manually configure the connectivity and security settings on each computer. However, as the number of computers on your network grows, it becomes increasingly important to centrally manage the security and connectivity settings on client computers.

For medium and large organizations as well as enterprise networks that use Active Directory Domain Services (AD DS), managing wired client security and connectivity settings by using Group Policy Management is generally the most time- and cost-effective method. This is especially true in environments that use a mixture of computers running Windows Vista and Windows XP with Service Pack 3 or later versions.

For more information, see PEAP-MS-CHAP v2-based Authenticated Wired Access Design and EAP-TLS-based Authenticated Wired Access Design.

To illustrate, Example Company (Example.com) has 150 computers running Windows XP with Service Pack 3. Because of a recent expansion, the management at Example Company has decided to distribute an additional 300 computers running Windows Vista to their employees. As an alternative to manually configuring the necessary settings on each of the new computers, or writing logon scripts to perform the configuration, they have decided to use Wired Network (IEEE 802.3) Policies in Group Policy Management, provided by domain controllers running Windows Server 2008, to centrally manage the 802.1X security and network connectivity settings on all 450 of their computers.

The following features and components are required to centrally manage security and connectivity settings on domain-member computers:

  • Active Directory Domain Services (AD DS). AD DS contains the user accounts, computer accounts, and account properties.

  • Group Policy Management. This design uses Wired Network (IEEE 802.3) Policies in Group Policy Management to configure the security and connectivity settings on wired client computers that are required for 802.1X authenticated wired access.

  • Client computers. This deployment provides 802.1X authenticated wired access to domain-member users who connect to the network by using client computers running either Windows Vista or Windows XP with Service Pack 3 (SP3) or later versions. Computers must be members of the domain in order to successfully establish 802.1X authenticated wired access.
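
The following client-side readiness check is an added example, not part of the original article. It assumes Windows PowerShell 2.0 or later is installed on the client and that the Wired AutoConfig service (dot3svc) and the netsh lan context are present. The function name Test-WiredClientReadiness is hypothetical.

```powershell
# Added example: checks the client-side prerequisites listed above.
# Run in an elevated PowerShell session on the wired client.
function Test-WiredClientReadiness {
    # Domain membership is required for 802.1X authenticated wired access.
    $cs  = Get-WmiObject -Class Win32_ComputerSystem

    # Wired AutoConfig (dot3svc) is the service that applies wired 802.1X settings.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='dot3svc'"

    $findings = @()
    if (-not $cs.PartOfDomain) {
        $findings += 'Computer is not a domain member; Group Policy wired settings cannot apply.'
    }
    if (-not $svc) {
        $findings += 'Wired AutoConfig service (dot3svc) was not found.'
    } else {
        if ($svc.State -ne 'Running') {
            $findings += "Wired AutoConfig service is $($svc.State), not Running."
        }
        if ($svc.StartMode -ne 'Auto') {
            $findings += "Wired AutoConfig start mode is $($svc.StartMode), not Auto."
        }
    }

    # netsh lan only answers while Wired AutoConfig is running.
    # The raw output is kept unparsed so the operator can confirm which
    # wired profile is in effect on each interface.
    $profiles = $null
    if ($svc -and $svc.State -eq 'Running') {
        $profiles = (& netsh lan show profiles 2>&1 | Out-String).Trim()
    }

    New-Object PSObject -Property @{
        ComputerName  = $cs.Name
        Domain        = $cs.Domain
        PartOfDomain  = [bool]$cs.PartOfDomain
        ServiceState  = if ($svc) { $svc.State } else { 'Missing' }
        ServiceStart  = if ($svc) { $svc.StartMode } else { 'Missing' }
        WiredProfiles = $profiles
        Ready         = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

Test-WiredClientReadiness | Format-List
```

A client that reports Ready as False will not pick up the centrally managed wired settings until the listed findings are resolved.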