Regularly Removing PEAP Authentication, is it safe?
We're using Windows XP SP 2 Dell Latitudes to connect to a Cisco wireless network just configured at our site.
PEAP Authentication is configured and working properly. However, according to KB 823731 from Microsoft, the following is true:
When you successfully log on to a network that uses PEAP authentication, your credentials are automatically stored in the computer for re-use. For example, when you shut down and then restart your computer, you are automatically logged on to the wireless network. There is no option that you can configure in Windows XP to prevent the operating system from storing your credentials.
The problem we are experiencing is that this automatic re-login to the Cisco Wireless Network during startup is making the computer freeze for a few minutes at "Preparing Network Connections". Right now, we have a GP that forces the computer to wait for network before showing the login screen so that all required group policies are applied properly, changing this is not an option.
So, according to this same article, you can use a registry modification to remove the cached credentials...my question is this:
Is it safe to set up a computer logoff script that purges the PEAP cached credentials every time the computer shuts down so that when it boots up, it's unable to log in automatically? If I do this, will it harm the computer? (i.e. not be able to boot past preparing network connections at all b/c it wants credentials that aren't there)?
I get this feeling that continual modification of the registry is not a clean way to make this work. Is there any other workaround?
Thanks!
PEAP Authentication is configured and working properly. However, according to KB 823731 from Microsoft, the following is true:
When you successfully log on to a network that uses PEAP authentication, your credentials are automatically stored in the computer for re-use. For example, when you shut down and then restart your computer, you are automatically logged on to the wireless network. There is no option that you can configure in Windows XP to prevent the operating system from storing your credentials.
The problem we are experiencing is that this automatic re-login to the Cisco Wireless Network during startup is making the computer freeze for a few minutes at "Preparing Network Connections". Right now, we have a GP that forces the computer to wait for network before showing the login screen so that all required group policies are applied properly, changing this is not an option.
So, according to this same article, you can use a registry modification to remove the cached credentials...my question is this:
Is it safe to set up a computer logoff script that purges the PEAP cached credentials every time the computer shuts down so that when it boots up, it's unable to log in automatically? If I do this, will it harm the computer? (i.e. not be able to boot past preparing network connections at all b/c it wants credentials that aren't there)?
I get this feeling that continual modification of the registry is not a clean way to make this work. Is there any other workaround?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
hold on i will have an answer for you sorry for the delay
ASKER
Thanks for everyone's input, we decided to allow authentication without users entering credentials, which negated the need for removing the PEAP registry entries each time they log off.
John