• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 516
  • Last Modified:

Automating "Wired" 802.1x settings for Windows XP SP3 installs

So, after reading up on 802.1x authentication, it is my understanding that in order to push XPSP3 out to around 2000 machines, we will need to touch each and every machine to change the AuthMode to Machine.  Does this basically sound correct?  What was MS thinkimng?  Due to various issues, the machines in question will have variations on the "Local Area Connection" name for the LAN connection and thus scripting may not be an option.  Is there an MS programmatic solution available or are we looking at the fun task of touching each and every machine in all 40+ WAN's out there?  And thus the key word is AUTOMATE, not the MS KB article stating that this is how you do it...
0
GeekyDee
Asked:
GeekyDee
1 Solution
 
HVHSTechCommented:
why dont you just use a GPO to change the settings?

http://blogs.techrepublic.com.com/networking/?p=1093
0
 
merowingerCommented:
Agree: With this group policy settings you can define you WLN Acccess Point and with WMI Filters on the policies you can define which client shell get which access point profile
0
 
GeekyDeeAuthor Commented:
ummm, maybe because the tilte says "Automating "Wired" 802.1x settings for Windows XP SP3 Installs"?  hehe, I do that a lot too  :P  I truly wish there was a GPO setting for the wired 802.1x options and you all were right, but so far I have yet to find an automated solution.  I really do not want to touch all 2000 pc's.  you sound fairly knowledgeable, does the netsh lan options let you import a generic setting into the current xml file, or would that necessitatetoo much work?  All it needs is the
<AuthMode>machine<AuthMode>
part inserted in the EAPOL section of the xml file and if you do not specify the local area connection, it does them all.  Just not sure where it would put the inserted xml snippet...

Forgive the loopiness, I have been doing too much today and I swear management wants to suck my brains out...

Geekydee
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
WolfhereCommented:
Note:  There is currently no support for Group Policy-based configuration of wired client 802.1X authentication settings. The Wireless Network (IEEE 802.11) Policies Group Policy settings are for wireless network connections only. (http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=05951071-6b20-4cef-9939-47c397ffd3dd&displayLang=en)

I can see your frustration Geekydee. You can set maxpasswordage in the registry, reverse encryption in GPO and configure a remote access policy. But, ultimately you will have to touch them all. Its not as bad as converting 19,000 machines from one version of Novell to the next (as I have done). think about it, 2,000 is not as bad as 19,000 ..LOL.
0
 
GeekyDeeAuthor Commented:
finally got it working with a batch file in the runonce key in the registry and 2 reboots, so it is now fully automated. Thanks for help though

ps  I hate hospitals, erg...
0
 
GeekyDeeAuthor Commented:
helped to lead to a solution
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now