igor-1965
asked on
Wireless GPO: "automatic" vs "on-demand"
I have created Wireless GPO to configure Wifi connection to the Wireless access point (Cisco Airnet). GPO works and laptop (Windows XP Pro SP2) is connecting to AP without any problem.
The issue is that this connection is set to be "automatic" so laptop connects to AP whenever it is in a range. It is NOT possible to disconnect from AP neither change type of the connection from "automatic" to "on-demand" or "manual".
In GPO I cannot see any option to change setting "Automatically connect to available networks".
Any idea what other settings may be set in order to make this connection "on-demand" / "manual"?
Alternitevly, is any registry hack available (in addition to GPO) to achieve the desired settings?
The issue is that this connection is set to be "automatic" so laptop connects to AP whenever it is in a range. It is NOT possible to disconnect from AP neither change type of the connection from "automatic" to "on-demand" or "manual".
In GPO I cannot see any option to change setting "Automatically connect to available networks".
Any idea what other settings may be set in order to make this connection "on-demand" / "manual"?
Alternitevly, is any registry hack available (in addition to GPO) to achieve the desired settings?
That was "On boot if the computer is in range..."
-T.
-T.
ASKER
"Any available network" was already in use. But I cannot see any option "On boot if the computer is in range...". Where is located?
Thank you.
Igor
Thank you.
Igor
No, no. What I was saying is that if the computer is in range on boot it will try to connect. I've never seen any way around that. However, you should be able to disconnect and reconnect to another network without issue.
-T.
-T.
ASKER
At my first tests it was not possible to disconnect from AP after the connection established. But I will be reconfigure AP on Monday and retest GPO / connection issue and confirm.
It occurs to me that if you want users to connect manually rather than automatically, just don't define a policy at all. Then the users will bring up the list of APs in Windows and pick which one they want to connect to.
That is to say, without a policy, it will all be managed by the user at his end rather than by you at the domain end.
If you're using RADIUS, of course set up IAS, but just don't define any policy in the domain.
-T.
That is to say, without a policy, it will all be managed by the user at his end rather than by you at the domain end.
If you're using RADIUS, of course set up IAS, but just don't define any policy in the domain.
-T.
ASKER
Unfortunately, after the policy applied and AP is in the range I am not able to disconnect / switch to another WiFi network.
Manual configuration could help but it is a corporate-wide implementation (Access Points + GPO) to minimize the manual work setting up thousands laptops. I am looking for a workaround that would allow me to switch the WiFi networks while laptop is in the office.
Manual configuration could help but it is a corporate-wide implementation (Access Points + GPO) to minimize the manual work setting up thousands laptops. I am looking for a workaround that would allow me to switch the WiFi networks while laptop is in the office.
Hmmm... well, my machines have a WiFi policy applied and I am able to disconnect from the default and connect to any other available.
Reading back through the whole thread, I don't think I'm sure of what exactly your after.
A) If you want the laptop to not connect to anything on boot up, then don't configure a policy. This is the only way. If there is a policy, the machine will connect. Without a policy machines should still be able to connect with RADIUS and zero config, but they won't connect on boot (the user must connect manually after login). However, this can present a problem for computer policies as the machine is not connected before login, and as such the computer policies are not processed.
B) If you want them to connect but be able to manually disconnect and reconnect to another network, this is doable. I do it all the time. However, without seeing your config I'm not sure what's wrong.
-T.
Reading back through the whole thread, I don't think I'm sure of what exactly your after.
A) If you want the laptop to not connect to anything on boot up, then don't configure a policy. This is the only way. If there is a policy, the machine will connect. Without a policy machines should still be able to connect with RADIUS and zero config, but they won't connect on boot (the user must connect manually after login). However, this can present a problem for computer policies as the machine is not connected before login, and as such the computer policies are not processed.
B) If you want them to connect but be able to manually disconnect and reconnect to another network, this is doable. I do it all the time. However, without seeing your config I'm not sure what's wrong.
-T.
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes, we have some policies applied. But which one could be a culprit?
ASKER
T. - you might be right and the problem resides somewhere else rather than in GPO. I suspect it might be Cisco Airnet AP + laptops WiFi cards combination but have no resources to take the further tests. Thanks for your time and efforts.
Igor
Igor
Igor, I have the same problem and setup as you. I have run RsOP and have not found any conflicting policies. Did you find a solution to your problem?
In your wireless access policy (Windows Settings/Security Setting/Wireless Network (IEEE 802.11) Policies), open your policy. In the drop-down labeled "Networks to access:", set to "Any available...".
On bott if the computer is in range of the network your GPO defines, it will conenct. No way around that that I've ever heard of. But you should be able to disconnect and re-connect to another network.
-T.