在 Surface 设备上启用 PEAP、EAP-FAST 和 Cisco LEAPEnable PEAP, EAP-FAST, and Cisco LEAP on Surface devices

了解如何在你的 Surface 设备上启用对 PEAP、EAP-FAST 或 Cisco LEAP 协议的支持。Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.

如果你在你的企业网络中使用 PEAP、EAP-FAST 或 Cisco LEAP,你可能已经了解这三种无线身份验证协议不受全新 Surface 设备支持。If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. 一些用户在尝试连接到无线网络时可能会发现此情况;另一些用户在无法获取对网络内资源(例如文件共享和内部站点)的访问权限时可能会发现此情况。Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. 有关详细信息,请参阅可扩展身份验证协议For more information, see Extensible Authentication Protocol.

你可以通过从 U 盘或文件共享执行较小的 MSI 程序包来添加对每个协议的支持。You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. 对于想要在其 Surface 设备上启用 EAP 支持的组织,MSI 程序包格式支持具有许多管理和部署工具(如 Microsoft 部署工具包(MDT)和 Microsoft 终结点配置管理器)的部署。For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager.

下载 PEAP、EAP-FAST 或 Cisco LEAP 安装文件Download PEAP, EAP-FAST, or Cisco LEAP installation files

你可以从 Microsoft 下载中心针对单个 zip 存档文件中的 EAP、EAP-FAST 或 Cisco LEAP 下载 MSI 安装文件。You can download the MSI installation files for PEAP, EAP-FAST, or Cisco LEAP in a single zip archive file from the Microsoft Download Center. 若要下载此文件,请转到 Microsoft 下载中心的适用于 IT 的 Surface 工具页、单击下载,然后选择 Cisco EAP-Supplicant Installer.zip 文件。To download this file, go to the Surface Tools for IT page on the Microsoft Download Center, click Download, and then select the Cisco EAP-Supplicant Installer.zip file.

使用 MDT 部署 PEAP、EAP-FAST 或 Cisco LEAPDeploy PEAP, EAP-FAST, or Cisco LEAP with MDT

如果你已在你的组织中执行到 Surface 设备的 Windows 部署,则可以在部署期间快速轻松地将每个协议的安装文件添加到部署共享并配置自动安装。If you are already performing a Windows deployment to Surface devices in your organization, it is quick and easy to add the installation files for each protocol to your deployment share and configure automatic installation during deployment. 甚至可以配置用于更新之前已部署的 Surface 设备的任务序列,从而可以使用相同的过程提供对这些协议的支持。You can even configure a task sequence that updates previously deployed Surface devices to provide support for these protocols using the same process.

若要在新部署的 Surface 设备上启用对 PEAP、EAP-FAST 或 Cisco LEAP 的支持,请按照以下步骤操作:To enable support for PEAP, EAP-FAST, or Cisco LEAP on newly deployed Surface devices, follow these steps:

  1. 下载每个协议的安装文件并将其解压缩到某一可轻松访问的位置中的单个文件夹。Download and extract the installation files for each protocol to separate folders in an easily accessible location.

  2. 打开 MDT 部署工作台并将部署共享展开到应用程序文件夹。Open the MDT Deployment Workbench and expand your deployment share to the Applications folder.

  3. 操作窗格中选择新建应用程序Select New Application from the Action pane.

  4. 选择具有源文件的应用程序以将 MSI 文件复制到部署共享中。Choose Application with source files to copy the MSI files into the Deployment Share.

  5. 针对所需的协议选择步骤 1 中所创建的文件夹。Select the folder you created in step 1 for the desired protocol.

  6. 对将在其中存储安装文件的部署共享中的文件夹进行命名。Name the folder in the deployment share where the installation files will be stored.

  7. 指定要用于部署应用程序的命令行:Specify the command line to deploy the application:

    • 对于 PEAP,请使用 EAP-PEAP.msi /qn /norestartFor PEAP use EAP-PEAP.msi /qn /norestart.

    • 对于 LEAP,请使用 EAP-LEAP.msi /qn /norestartFor LEAP use EAP-LEAP.msi /qn /norestart.

    • 对于 EAP-FAST,请使用 EAP-FAST.msi /qn /norestartFor EAP-FAST use EAP-FAST.msi /qn /norestart.

  8. 使用默认选项完成“新建应用程序”向导。Use the default options to complete the New Application Wizard.

  9. 针对每个所需的协议重复步骤 3 到步骤 8。Repeat steps 3 through 8 for each desired protocol.

在执行这些步骤以将三个 MSI 程序包作为应用程序导入到 MDT 后,它们将在 Windows 部署向导的“应用程序”页中可供选择。After you’ve performed these steps to import the three MSI packages as applications into MDT, they will be available for selection in the Applications page of the Windows Deployment Wizard. 尽管在一些简单的部署方案中这足以让技术人员在部署时选择每个程序包,但这并非推荐的做法。Although in some simple deployment scenarios it might be sufficient to have technicians select each package at the time of deployment, it is not recommended. 此做法允许技术人员尝试将这些程序包应用到 Surface 设备以外的计算机,或由于人为错误而使得 Surface 设备可以在没有 EAP 支持的情况下进行部署。This practice introduces the possibility that a technician could attempt to apply these packages to computers other than Surface devices, or that a Surface device could be deployed without EAP support due to human error.

若要从“安装应用程序”页中隐藏这些应用程序,请在每个应用程序的属性中选中在部署向导中隐藏此应用程序复选框。To hide these applications from the Install Applications page, select the Hide this application in the Deployment Wizard checkbox in the properties of each application. 在应用程序处于隐藏状态后,它们将不会在部署期间显示为可选应用程序。After the applications are hidden, they will not be displayed as optional applications during deployment. 若要在 Surface 部署任务序列中部署它们,必须通过任务序列中的单独步骤针对安装进行显式定义。To deploy them in your Surface deployment task sequence, they must be explicitly defined for installation through a separate step in the task sequence.

若要显式指定协议,请按照以下步骤操作:To specify the protocol(s) explicitly, follow these steps:

  1. 从 MDT 部署工作台打开你的 Surface 部署任务序列属性。Open your Surface deployment task sequence properties from the MDT Deployment Workbench.

  2. 任务序列选项卡上,在状态还原下选择安装应用程序步骤。On the Task Sequence tab, select the Install Applications step under State Restore. 这通常可以在应用程序安装前和应用程序安装后 Windows 更新步骤之间找到。This is typically found between the pre-application and post-application Windows Update steps.

  3. 使用添加按钮,从常规类别创建一个新的安装应用程序步骤。Use the Add button to create a new Install Application step from the General category.

  4. 在步骤属性选项卡中选择安装单个应用程序Select Install a single application in the step Properties tab.

  5. 从列表中选择所需的 EAP 协议。Select the desired EAP protocol from the list.

  6. 针对每个所需的协议重复步骤 2 到步骤 5。Repeat steps 2 through 5 for each desired protocol.

使用配置管理器部署 PEAP、EAP-FAST 或 Cisco LEAPDeploy PEAP, EAP-FAST, or Cisco LEAP with Configuration Manager

对于使用配置管理器管理 Surface 设备的组织,可以更轻松地将 PEAP、EAP-FAST 或 Cisco LEAP支持部署到 Surface 设备。For organizations that manage Surface devices with Configuration Manager, it is even easier to deploy PEAP, EAP-FAST, or Cisco LEAP support to Surface devices. 只需从软件库导入每个 MSI 文件作为应用程序并将部署配置为你的 Surface 设备集合。Simply import each MSI file as an application from the Software Library and configure a deployment to your Surface device collection.

有关如何使用配置管理器部署应用程序的详细信息,请参阅如何在配置管理器中创建应用程序如何在配置管理器中部署应用程序For more information on how to deploy applications with Configuration Manager see How to Create Applications in Configuration Manager and How to Deploy Applications in Configuration Manager.