Creating Wireless GPO Setting

I found this nice blog by Darren Mar-Elia regarding an issue with editing wireless GPO settings from a Windows XP SP2 machine. I thought it was interesting enough to share, so here is my interpretation of it.

As you may recall, Windows Server 2003 added quite a few good GPO settings, some of which only work on Windows XP and above, and some of which require XP SP2 and above. One of the nicest security settings is the ability to create a wireless settings GPO that requires your client computers to connect only to a predefined set of wireless networks, and enforces various security settings such as the type of wireless network access, level of encryption, method of authentication and more.


Daniel Petri

When creating and editing these wireless GPO settings you need to first have a Windows Server 2003 Domain. This is because of various additions to the AD Schema that the first Windows Server 2003 DC introduces (read Windows 2003 ADPrep). After you have a Windows Server 2003 Domain in place, you will need to create a new GPO or edit an existing GPO and add the wireless settings to it. BTW, if you plan to create and edit these WiFi settings from a Windows XP machine and not from your DC you will need to read Working with Wireless GPO Settings from XP SP2.

To create a wireless GPO, perform the following steps:

  1. Create a new GPO or edit an existing one. The best tool for creating, linking and editing GPOs is the Group Policy Management Console (or GPMC). You can install GPMC on any Windows Server 2003 or Windows XP Pro computer. Read Download GPMC for more info.

Note: Where in your AD structure you should create and link this GPO is beyond the scope of this article. Just note that linking it to an OU will affect all the computers within that OU. If you link it to the domain, it will affect all the computers in the domain.

  2. Edit the GPO you’ve selected, and expand Computer Configuration > Security Settings. You’ll notice a node called Wireless Network (IEEE 802.11) Policies.

  3. Right-click Wireless Network (IEEE 802.11) Policies and select Create Wireless Network Policy.

  4. In the Wireless Network Policy window click Next.

  5. In the Name box type a descriptive name for the new policy. Click Next.

  6. In the final window make sure Edit Properties is selected, and click Finish.

  7. In the Wireless Policy Properties window, on the General tab, you can change the policy’s name, the refresh interval (180 minutes by default), whether client computers may connect only to infrastructure devices (rather than to any available device, including ad-hoc networks), and whether to force use of the default Windows client WiFi tool (rather than 3rd-party tools such as the excellent Intel PROSet/Wireless client).

  8. On the Preferred Networks tab you can add a list of the preferred WiFi networks that the clients are allowed to connect to. The client will only connect to these networks as long as it has had the Wireless GPO applied to it.

When you click Add you can enter the wireless network’s name (SSID). Make sure you type it exactly as it is broadcast by the Wireless Access Point. You can also configure the level of authentication and encryption of the preferred network.

On the IEEE 802.1X tab of the New Preferred Setting Properties window you can configure the authentication method required by the wireless network you’re connecting to.

When finished, click OK.

  9. When you’re done, close the GPO editor tool.

Although limited in scope, these settings can be used to configure the basic settings for the client computer.
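The Preferred Networks step requires each SSID to be typed exactly as the access point broadcasts it, and the General tab can restrict clients to infrastructure networks. The following pre-deployment check is an added example, not part of the original article: it compares the SSIDs planned for the policy against site-survey results before the GPO is linked. The `Observed` type, the `audit_preferred` function and all sample names are hypothetical.

```python
from dataclasses import dataclass

MAX_SSID_BYTES = 32  # IEEE 802.11 limits an SSID to 32 octets


@dataclass(frozen=True)
class Observed:
    """One network from a site survey (hypothetical input format)."""
    ssid: str
    ad_hoc: bool = False  # True for a computer-to-computer (ad-hoc) network


def audit_preferred(preferred, survey, infrastructure_only=True):
    """Return {ssid: problem} for policy entries that clients could not use."""
    findings = {}
    for name in preferred:
        same = [o for o in survey if o.ssid == name]  # SSIDs are case-sensitive
        near = sorted({o.ssid for o in survey
                       if o.ssid != name
                       and o.ssid.strip().casefold() == name.strip().casefold()})
        if len(name.encode("utf-8")) > MAX_SSID_BYTES:
            findings[name] = "longer than 32 bytes"
        elif same and infrastructure_only and all(o.ad_hoc for o in same):
            findings[name] = "only seen as ad-hoc, blocked by infrastructure-only"
        elif same:
            continue  # exact match on a usable network: nothing to report
        elif near:
            findings[name] = "near miss, broadcast as " + ", ".join(map(repr, near))
        else:
            findings[name] = "not seen in survey"
    return findings


# Constructed sample data, not taken from the article.
PREFERRED = ["CorpWLAN", "corp-guest", "Lab-Net ", "PrinterDirect", "Warehouse"]
SURVEY = [
    Observed("CorpWLAN"),
    Observed("Corp-Guest"),
    Observed("Lab-Net"),
    Observed("PrinterDirect", ad_hoc=True),
]

if __name__ == "__main__":
    for ssid, problem in audit_preferred(PREFERRED, SURVEY).items():
        print(f"{ssid!r}: {problem}")
```
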

Links

Define Active Directory-based Wireless Network Policies

What Is Wireless Network Policies Extension?