Solved

Wireless GPO: "automatic" vs "on-demand"

Posted on 2008-10-02
Last Modified: 2011-10-19
I have created a wireless GPO to configure the WiFi connection to the wireless access point (Cisco Airnet). The GPO works and the laptop (Windows XP Pro SP2) connects to the AP without any problem.

The issue is that this connection is set to be "automatic", so the laptop connects to the AP whenever it is in range. It is NOT possible to disconnect from the AP, nor to change the type of the connection from "automatic" to "on-demand" or "manual".

In GPO I cannot see any option to change setting "Automatically connect to available networks".
Any idea what other settings may be set in order to make this connection "on-demand" / "manual"?
Alternatively, is there any registry hack available (in addition to GPO) to achieve the desired settings?

Question by:igor-1965

13 Comments

Expert Comment

by:thernlund
I'm not sure if this is the answer you're after, but...

In your wireless access policy (Windows Settings/Security Settings/Wireless Network (IEEE 802.11) Policies), open your policy. In the drop-down labeled "Networks to access:", set to "Any available...".

On bott if the computer is in range of the network your GPO defines, it will connect. No way around that that I've ever heard of. But you should be able to disconnect and re-connect to another network.


-T.

Expert Comment

by:thernlund
That was "On boot if the computer is in range..."


-T.

Author Comment

by:igor-1965
"Any available network" was already in use. But I cannot see any option "On boot if the computer is in range...". Where is it located?

Thank you.
Igor

Expert Comment

by:thernlund
No, no.  What I was saying is that if the computer is in range on boot it will try to connect.  I've never seen any way around that.  However, you should be able to disconnect and reconnect to another network without issue.


-T.

Author Comment

by:igor-1965
In my first tests it was not possible to disconnect from the AP after the connection was established. But I will reconfigure the AP on Monday, retest the GPO / connection issue and confirm.

Expert Comment

by:thernlund
It occurs to me that if you want users to connect manually rather than automatically, just don't define a policy at all.  Then the users will bring up the list of APs in Windows and pick which one they want to connect to.

That is to say, without a policy, it will all be managed by the user at his end rather than by you at the domain end.

If you're using RADIUS, of course set up IAS, but just don't define any policy in the domain.


-T.

Author Comment

by:igor-1965
Unfortunately, after the policy is applied and the AP is in range, I am not able to disconnect / switch to another WiFi network.

Manual configuration could help, but it is a corporate-wide implementation (Access Points + GPO) to minimize the manual work of setting up thousands of laptops. I am looking for a workaround that would allow me to switch WiFi networks while the laptop is in the office.

Expert Comment

by:thernlund
Hmmm... well, my machines have a WiFi policy applied and I am able to disconnect from the default and connect to any other available.

Reading back through the whole thread, I don't think I'm sure of what exactly you're after.

A)  If you want the laptop to not connect to anything on boot up, then don't configure a policy.  This is the only way.  If there is a policy, the machine will connect.  Without a policy machines should still be able to connect with RADIUS and zero config, but they won't connect on boot (the user must connect manually after login).  However, this can present a problem for computer policies as the machine is not connected before login, and as such the computer policies are not processed.

B)  If you want them to connect but be able to manually disconnect and reconnect to another network, this is doable.  I do it all the time.  However, without seeing your config I'm not sure what's wrong.


-T.

Author Comment

by:igor-1965
Sorry for not replying sooner. I am attaching the screen shots of my GPO settings. Please have a look.

Thank you
Igor
 
GPO-1.jpg
GPO-2.jpg
GPO-3.jpg
GPO-4.jpg
GPO-5.jpg
GPO-6.jpg

Accepted Solution

by:
thernlund earned 500 total points
These settings are just as mine are. As such, I think what you're after might be elsewhere.

Possibly you have some other network policy configured not related to the connection being wired or wireless?


-T.

Author Comment

by:igor-1965
Yes, we have some policies applied. But which one could be a culprit?

Author Closing Comment

by:igor-1965
T. - you might be right and the problem resides somewhere else rather than in the GPO. I suspect it might be the Cisco Airnet AP + laptop WiFi card combination, but I have no resources to do further tests. Thanks for your time and efforts.
Igor

Expert Comment

by:vwaadmin
Igor, I have the same problem and setup as you. I have run RSoP and have not found any conflicting policies. Did you find a solution to your problem?