Authenticate as computer with third party wireless client.

Hi,

We've justo set up an IAS Server and a few of Access Points. Next step is to configure the wireless clients in the laptops.

Several laptops come with thir party wireless clients which disable Windows wireless client and makes things quite difficult as you can't configure those clients via GPO.

On the other hand, it's quite useful for us to enable the option "Authenticate as computer when computer information is available" in the Windows Wireless Client and I wonder whether this is possible in the third party wireless clients. We need this feature because we want the to run logon and group polcies after the user does a successful logon to the domain.

Besides, I raise another scenario. A user is logged with domain cached credentials. Suddenly he wants to connect to the wireless to get access to the domain resources. How would be possible to run the logon scripts and GPO applied on that computer?.

Thank you.
JorgeSimarroVillarAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JorgeSimarroVillarAuthor Commented:
I've seen a Pre-Logon feature in some wireless devices but what most I'm interest in rigth now is whether I can run logon scripts once the user connect to the wireless, is that possible?.

Thank you.
0
senadCommented:
I really don't see your problem here.
Your wireless access points transmit network name and
all you need is to set up security and that means providing
keys (wep...) to your laptops.So it makes no difference what
laptop clients are using for connection.
Why do you people complicate your life unnecessarily ?
Logging into domain is another issue separate from internet access...
Or perhaps you need to log in into domain to get internet access ?
0
JorgeSimarroVillarAuthor Commented:
Hi,

I need to be authenticated to the domain to have access to the wireless, that's why I installed IAS, becuase I want to authenticate to active directory.

How could I get access to the wireless without being logged into the domain?.

Thank you.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

senadCommented:

You generate a wep key (or whatever else for wireless security)
on the access point (setup) for accessing the internet.
The generated key is provided to clients.
When their laptops (or PC's) detect wireless they are prompted to join.
All they need to do is to supply the given key.
With key supplied they can automatically join the wireless network
(selecting 'join automatically') .
That means they have internet access.They do not need to log on to domain or
whatever.
0
JorgeSimarroVillarAuthor Commented:
But I don't want to give a WEP key to the users, a key that they likely will lose right away. It's much easier that they use their active directory credentials.

We'll change the WEB key very frequently due to security reasons, and I guess that in your scenario we'll have to provide them with the new WEP key every time we change it. This is not very useful.

Of course, if they aren't logged to the domain they don't have Internet access.

Thank you.
0
senadCommented:
You can use Mac filtering which is even better.
Its machine specific and no need to change keys.
You specify machine ID (obtained from their hardware - NIC) which
you then add.So unless they change the nic,it's always there...
0
senadCommented:
Here is Linksys 8pic) :

19.4.png
0
senadCommented:
to obtain the physical address just fire :
ipconfig /all

19.4.png
0
JorgeSimarroVillarAuthor Commented:
I'm talking about hundred of laptops and mobile devices. Besides, these devices are replaced with new ones every two years. Can you imagine the load of work that handling with such a huge number of mac addresses will have to deal with?.

Thank you.
0
JorgeSimarroVillarAuthor Commented:
I found some documentation about pre-logon features for some NIC's but it's not enough as there are several NIC's integrated in the laptops and it would be a nightmare to deal with them.

Finally, we've decided to set the Windows Wireless Client as a standard and create a group policy to manager the configuration.

You can check the option Authenticate as computer when computer information is available" within the group policiy Computer-> Windows Settings -> Security Settings -> Wireless Network (802.11) Policies.

Thank you.
wireless.JPG
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.