Centrally Manage Wireless Client Security and Connectivity Settings

Applies To: Windows Server 2008, Windows Server 2008 R2

Depending on the organization, the number of wireless computers on a wireless network can range from just a few to hundreds. In the case of small networks, it is possible to manually configure the connectivity and security settings on each computer. However, as the number of wireless computers on your network grows, it becomes increasingly important to centrally manage the wireless settings on computers.

For medium and large organizations as well as enterprise networks that use Active Directory Domain Services (AD DS), managing wireless client security and connectivity settings by using Group Policy Management is generally the most cost-effective method. This is especially true in environments that use a mixture of wireless computers running Windows Vista and Windows XP.

For more information, see PEAP-MS-CHAP v2-based Authenticated Wireless Access Design and EAP-TLS-based Authenticated Wireless Access Design.

To illustrate, Example Company (Example.com) has 150 wireless computers running Windows XP, and has decided to distribute an additional 300 wireless computers running Windows Vista to its employees. As an alternative to manually configuring the necessary wireless settings on each of the new wireless computers, or writing logon scripts to perform the configuration, the company has decided to use the Wireless Network (IEEE 802.11) Policies node that is provided by domain controllers running Windows Server 2008 to centrally manage the wireless settings on all 450 of its wireless computers.

The following features and components are required to centrally manage wireless security and connectivity settings on domain-member wireless computers:

  • Active Directory Domain Services (AD DS). AD DS contains the user accounts, computer accounts, and account properties.

  • Group Policy Management. This design uses the Group Policy Management extension to specify settings in Wireless Network (IEEE 802.11) Policies, which in turn configures the security and connectivity settings on wireless client computers that are required for 802.1X authenticated wireless access.

  • Wireless client computers. This deployment provides 802.1X authenticated access to domain-member users who connect to the network by using wireless client computers running either Windows Vista or Windows XP with Service Pack 2 (SP2) or later versions. Computers must be members of the domain in order to successfully establish authenticated access.