Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Wireless GPO: "automatic" vs "on-demand"

Posted on 2008-10-02
13
3,055 Views
Last Modified: 2011-10-19
I have created Wireless GPO to configure Wifi connection to the Wireless access point (Cisco Airnet). GPO works and laptop (Windows XP Pro SP2) is connecting to AP without any problem.

The issue is that this connection is set to be "automatic" so laptop connects to AP whenever it is in a range. It is NOT possible to disconnect from AP neither change type of the connection from "automatic" to "on-demand" or "manual".

In GPO I cannot see any option to change setting "Automatically connect to available networks".
Any idea what other settings may be set in order to make this connection "on-demand" / "manual"?
Alternitevly, is any registry hack available (in addition to GPO) to achieve the desired settings?
0
Comment
Question by:igor-1965
  • 6
  • 6
13 Comments
 
LVL 6

Expert Comment

by:thernlund
ID: 22628126
I'm not sure if this is the answer you're after, but...

In your wireless access policy (Windows Settings/Security Setting/Wireless Network (IEEE 802.11) Policies), open your policy.  In the drop-down labeled "Networks to access:", set to "Any available...".

On bott if the computer is in range of the network your GPO defines, it will conenct.  No way around that that I've ever heard of.  But you should be able to disconnect and re-connect to another network.


-T.
0
 
LVL 6

Expert Comment

by:thernlund
ID: 22628258
That was "On boot if the computer is in range..."


-T.
0
 
LVL 14

Author Comment

by:igor-1965
ID: 22632396
"Any available network" was already in use. But I cannot see any option "On boot if the computer is in range...". Where is located?

Thank you.
Igor
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 6

Expert Comment

by:thernlund
ID: 22637640
No, no.  What I was saying is that if the computer is in range on boot it will try to connect.  I've never seen any way around that.  However, you should be able to disconnect and reconnect to another network without issue.


-T.
0
 
LVL 14

Author Comment

by:igor-1965
ID: 22641235
At my first tests it was not possible to disconnect from AP after the connection established. But I will be reconfigure AP on Monday and retest GPO / connection issue and confirm.
0
 
LVL 6

Expert Comment

by:thernlund
ID: 22642170
It occurs to me that if you want users to connect manually rather than automatically, just don't define a policy at all.  Then the users will bring up the list of APs in Windows and pick which one they want to connect to.

That is to say, without a policy, it will all be managed by the user at his end rather than by you at the domain end.

If you're using RADIUS, of course set up IAS, but just don't define any policy in the domain.


-T.
0
 
LVL 14

Author Comment

by:igor-1965
ID: 22649740
Unfortunately, after the policy applied and AP is in the range I am not able to disconnect / switch to another WiFi network.

Manual configuration could help but it is a corporate-wide implementation (Access Points + GPO) to minimize the manual work setting up thousands laptops. I am looking for a workaround that would allow me to switch the WiFi networks while laptop is in the office.
0
 
LVL 6

Expert Comment

by:thernlund
ID: 22651531
Hmmm... well, my machines have a WiFi policy applied and I am able to disconnect from the default and connect to any other available.

Reading back through the whole thread, I don't think I'm sure of what exactly your after.

A)  If you want the laptop to not connect to anything on boot up, then don't configure a policy.  This is the only way.  If there is a policy, the machine will connect.  Without a policy machines should still be able to connect with RADIUS and zero config, but they won't connect on boot (the user must connect manually after login).  However, this can present a problem for computer policies as the machine is not connected before login, and as such the computer policies are not processed.

B)  If you want them to connect but be able to manually disconnect and reconnect to another network, this is doable.  I do it all the time.  However, without seeing your config I'm not sure what's wrong.


-T.
0
 
LVL 14

Author Comment

by:igor-1965
ID: 22701694
Sorry for not replying sooner. I am attaching the screen shots of my GPO settings. Please have a look.

Thank you
Igor
 
GPO-1.jpg
GPO-2.jpg
GPO-3.jpg
GPO-4.jpg
GPO-5.jpg
GPO-6.jpg
0
 
LVL 6

Accepted Solution

by:
thernlund earned 500 total points
ID: 22704310
These setting are just as mine are.  As such, I think what you're after might be elsewhere.

Possibly you have some other network policy configured not related to the connection being wired or wireless?


-T.
0
 
LVL 14

Author Comment

by:igor-1965
ID: 22704717
Yes, we have some policies applied. But which one could be a culprit?
0
 
LVL 14

Author Closing Comment

by:igor-1965
ID: 31502345
T. - you might be right and the problem resides somewhere else rather than in GPO. I suspect it might be Cisco Airnet AP + laptops WiFi cards combination but have no resources to take the further tests. Thanks for your time and efforts.
Igor
0
 

Expert Comment

by:vwaadmin
ID: 23876370
Igor, I have the same problem and setup as you. I have run RsOP and have not found any conflicting policies. Did you find a solution to your problem?
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question