Configure Windows Vista Wired Network (IEEE 802.3) Policies

Applies To: Windows Server 2008, Windows Vista

Use the procedure in this topic to configure the Wired Network (IEEE 802.3) Policies for client computers running Windows Vista that connect to your wired Ethernet network by using 802.1X-capable switches.

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.


You can use the Windows Vista Wired Network (IEEE 802.3) Policies to configure computers running Windows Vista and Windows Server 2008. You cannot use this policy to configure computers running Windows XP. Computers running Windows XP cannot interpret settings in a Windows Vista Wired Network (IEEE 802.3) Policies.

To configure a wired connection profile for PEAP-MS-CHAP v2

  1. Open Wired Network (IEEE 802.3) Policies.

  2. On the General tab, do the following:

    1. In Policy Name, type a name for the wired network policy.

    2. In Description, type a brief description of the policy.

    3. Ensure that Use Windows Wired AutoConfig service for clients is selected.


For more information about the settings on any tab, press F1 while viewing that tab.

  1. On the Security tab, do the following:

    1. Select Enable use of IEEE 802.1X authentication for network access.

    2. In Select a network authentication method, select Protected EAP (PEAP).

    3. In Authentication mode, select User re-authentication.

    4. In Max Authentication Failures, specify the maximum number of failed attempts allowed before the user is notified that authentication has failed.

    5. To specify that user credentials are held in cache, select Cache user information for subsequent connections to this network.

  2. Click Advanced. On the Advanced tab, do the following:

    1. To configure advanced 802.1X settings, select Enforce advanced 802.1X settings, and then modify — only as necessary — the settings for: Max Eapol-Start Msgs, Held Period, Start Period, Auth Period, and Eapol-Start Message.

    2. To configure Single Sign On, select Enable Single Sign On for this network, and then modify — as necessary — the settings for:

      • Perform Immediately before User Logon

      • Perform Immediately after User Logon

      • Max delay for connectivity

      • Allow additional dialogs to be displayed during Single Sign On

      • Max delay with dialogs

      • This network uses different VLAN for authentication with machine and user credentials

  3. Click OK. On the Security tab, click Properties.

  4. In the Protected EAP Properties dialog box, do the following:

    1. Select Validate server certificate.

    2. In Trusted Root Certification Authorities, select the trusted root certification authority (CA) that issued the server certificate to your server running Network Policy Server (NPS).


This setting limits the root CAs that clients trust to the selected values. If you do not specify a trusted root CA, then clients will trust all root CAs in their trusted root certification authority store.

3.  To specify that PEAP Fast Reconnect is enabled, select **Enable Fast Reconnect**.  
4.  If Network Access Protection (NAP) is configured on your network, select **Enable Quarantine checks**. Otherwise, clear this check box.  
5.  Click **OK**, to save the Protected EAP (PEAP) settings.  
  1. Click OK to save the changes to the wired policy, and then close the Group Policy Management console.