Authenticate as computer with third party wireless client.

Hi,

We've justo set up an IAS Server and a few of Access Points. Next step is to configure the wireless clients in the laptops.

Several laptops come with thir party wireless clients which disable Windows wireless client and makes things quite difficult as you can't configure those clients via GPO.

On the other hand, it's quite useful for us to enable the option "Authenticate as computer when computer information is available" in the Windows Wireless Client and I wonder whether this is possible in the third party wireless clients. We need this feature because we want the to run logon and group polcies after the user does a successful logon to the domain.

Besides, I raise another scenario. A user is logged with domain cached credentials. Suddenly he wants to connect to the wireless to get access to the domain resources. How would be possible to run the logon scripts and GPO applied on that computer?.

Thank you.
JorgeSimarroVillarAsked:
Who is Participating?
 
JorgeSimarroVillarConnect With a Mentor Author Commented:
I found some documentation about pre-logon features for some NIC's but it's not enough as there are several NIC's integrated in the laptops and it would be a nightmare to deal with them.

Finally, we've decided to set the Windows Wireless Client as a standard and create a group policy to manager the configuration.

You can check the option Authenticate as computer when computer information is available" within the group policiy Computer-> Windows Settings -> Security Settings -> Wireless Network (802.11) Policies.

Thank you.
wireless.JPG
0
 
JorgeSimarroVillarAuthor Commented:
I've seen a Pre-Logon feature in some wireless devices but what most I'm interest in rigth now is whether I can run logon scripts once the user connect to the wireless, is that possible?.

Thank you.
0
 
senadCommented:
I really don't see your problem here.
Your wireless access points transmit network name and
all you need is to set up security and that means providing
keys (wep...) to your laptops.So it makes no difference what
laptop clients are using for connection.
Why do you people complicate your life unnecessarily ?
Logging into domain is another issue separate from internet access...
Or perhaps you need to log in into domain to get internet access ?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
JorgeSimarroVillarAuthor Commented:
Hi,

I need to be authenticated to the domain to have access to the wireless, that's why I installed IAS, becuase I want to authenticate to active directory.

How could I get access to the wireless without being logged into the domain?.

Thank you.
0
 
senadCommented:

You generate a wep key (or whatever else for wireless security)
on the access point (setup) for accessing the internet.
The generated key is provided to clients.
When their laptops (or PC's) detect wireless they are prompted to join.
All they need to do is to supply the given key.
With key supplied they can automatically join the wireless network
(selecting 'join automatically') .
That means they have internet access.They do not need to log on to domain or
whatever.
0
 
JorgeSimarroVillarAuthor Commented:
But I don't want to give a WEP key to the users, a key that they likely will lose right away. It's much easier that they use their active directory credentials.

We'll change the WEB key very frequently due to security reasons, and I guess that in your scenario we'll have to provide them with the new WEP key every time we change it. This is not very useful.

Of course, if they aren't logged to the domain they don't have Internet access.

Thank you.
0
 
senadCommented:
You can use Mac filtering which is even better.
Its machine specific and no need to change keys.
You specify machine ID (obtained from their hardware - NIC) which
you then add.So unless they change the nic,it's always there...
0
 
senadCommented:
Here is Linksys 8pic) :

19.4.png
0
 
senadCommented:
to obtain the physical address just fire :
ipconfig /all

19.4.png
0
 
JorgeSimarroVillarAuthor Commented:
I'm talking about hundred of laptops and mobile devices. Besides, these devices are replaced with new ones every two years. Can you imagine the load of work that handling with such a huge number of mac addresses will have to deal with?.

Thank you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.