Configure Wireless Authentication for NAP in Group Policy

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Windows Server® 2008, Windows Vista®, Windows Server 2008 R2, and Windows 7 include enhancements like an extended Active Directory schema to support 802.1X authenticating switches for 802.3 wired Ethernet connections. For more information, see Active Directory Schema Extensions for Windows Vista Wireless and Wired Group Policy Enhancements at http://go.microsoft.com/fwlink/?LinkID=167840.

Membership in the local Domain Admins group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

Configure wireless authentication settings in Group Policy

Use the following procedure to deploy wired authentication settings to NAP client computers for use with NAP and 802.1X enforcement.

To configure wireless authentication settings in Group Policy

  1. On a domain controller or member server with the Group Policy Management feature installed, click Start, click Run, type gpmc.msc, and then press ENTER.

  2. In the Group Policy Management console tree, open Group Policy Objects, right-click the name of the GPO you want to edit, and then click Edit. The Group Policy Management Editor opens.

  3. In the Group Policy Management Editor tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Wireless Network (IEEE 802.11) Policies.

  4. Right-click Wireless Network (IEEE 802.11) Policies.

    • If the policy applies to computers running Windows XP SP3, click Create a New Windows XP Policy. For detailed instructions, see Configure 802.1X Wireless Clients Running Windows XP with Group Policy (http://go.microsoft.com/fwlink/?LinkId=134784).

    • If the policy applies to computers running Windows Vista, click Create a New Windows Vista Policy. For detailed instructions, see Configure 802.1X Wireless Clients Running Windows Vista with Group Policy (http://go.microsoft.com/fwlink/?LinkId=134785).

  5. Both of these profiles require that you configure properties on the Protected EAP Properties dialog box. To enable NAP, clear the Enable Fast Reconnect check box, and select the check box next to Enable Quarantine checks. See the following example.

See Also

Concepts

Configure NAP Client Security Groups