Join the Domain and Log On by using Wireless Method 1
Published: September 1, 2010
Updated: October 4, 2010
Applies To: Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP
Domain member users with domain-joined wireless client computers running Windows Vista can use a temporary wireless profile to connect to an 802.1X-authenticated wireless network without first connecting to the wired LAN. This temporary wireless profile, known as a bootstrap wireless profile, requires the user to manually specify their domain user account credentials, and does not validate the certificate of the Remote Authentication Dial-In User Service (RADIUS) server running Network Policy Server (NPS). After establish wireless connectivity, Group Policy is applied on the wireless client computer, and a new wireless profile is issued. The new policy automatically uses the computer and user account credentials for client authentication. Additionally, as part of the PEAP-MS-CHAP v2 mutual authentication, the client validates the credentials of the RADIUS server.
After you join the computer running Windows Vista to the domain, use this procedure to configure a Single Sign On bootstrap wireless profile, before distributing the wireless computer to the domain-member user.
To configure a Single Sign On bootstrap wireless profile
Configure a bootstrap profile by using the procedure Wireless Clients running Windows Vista for PEAP-MS-CHAP v2 Authentication with the following settings specified:
PEAP-MS-CHAP v2 authentication
Validate RADIUS server certificate disabled
Single Sign On enabled
In Windows Vista Wireless Network (IEEE 802.11) Policies, on the General tab, click Export to export the profile to a network share, USB flash drive, or other easily accessible location.
Join the new wireless computer to the domain (for example, through an Ethernet connection that does not require IEEE 802.1X authentication) and add the bootstrap wireless profile to the computer by using the netsh wlan add profile command.
For more information, see Netsh Commands for Wireless Local Area Network (WLAN) at http://go.microsoft.com/fwlink/?LinkID=81752.
- Distribute the new wireless computer to the user with the procedure to “Log on to the domain using computers running Windows Vista.”
When the user starts the computer, Windows Vista prompts the user to enter their domain user account name and password. Because Single Sign On is enabled, the computer uses the domain user account credentials to first establish a connection with the wireless network and then log on to the domain.
Log on to the domain using computers running Windows Vista
Log off the computer, or restart the computer.
Press CTRL + ALT + DELETE. The logon screen appears.
Click Switch User, and then click Other User.
In User name, type your domain and user name in the format domain\user. For example, to log on to the domain example.com with an account named User-01, type example\User-01.
In Password, type your domain password, and then click the arrow, or press ENTER.