Solved

How do I push software to 7/XP wireless clients through a GPO?

Posted on 2011-02-15
5
401 Views
Last Modified: 2012-05-11
Hello,

We are running Windows 7 and XP clients in a Windows 2003/2008 environment, using IAS for wireless authentication. When attempting to push down software through a GPO, the installation never works on the wireless clients, probably due to authentication timing issues. Is there a way to delay the logon so that the wireless clients can pick up to GPO? I was told that there was a .DLL that could do this. Is anyone aware of it?
0
Comment
Question by:srfergus
5 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 34916306
Hi,

Check this article

http://www.experts-exchange.com/Networking/Wireless/Q_22835801.html

Should resolve your problem.


Ded9
0
 

Expert Comment

by:kylerabe
ID: 34962936
You need to have the clients logging into the wireless network as they are logging into the computer/domain.  Somtimes this requires the use of software from your wireless card's manufacturer (Intel ProSet Wireless), but can usually be done in Windows 7 using single sign on.  Go to the Network and Sharing Center and click Manage wireless networks.  Right click on your office's wireless network and click Properties.  On the Security tab, click Advanced Settings.  You should see an option to enable single sign on.  You want to perform it immediately before logon. If each employee has different credentials for the wireless network, you also need to allow additional dialogs to be displayed during single sign on.  When you reboot your machine you should see not only a form for your domain username and password, but also your wireless credentials.  
0
 

Expert Comment

by:kylerabe
ID: 34962944
more information about Intel ProSet can be found here: http://www.intel.com/support/wireless/wlan/sb/CS-014563.htm
0
 
LVL 1

Accepted Solution

by:
jimmernet earned 500 total points
ID: 36530207
You need to set a GPO called "wait for network" It's somewhere buried in the computer configuration area. This does not let the login process continue until the network (wireless in this case) is established. Without this setting, the users are effectively logging on using cached credentials.

Also There are some settings in GPO for wireless to allow the computer itself to authenticate to the wireless AP/ domain instead of a user. This is useful if a user has not logged onto a wireless connected laptop before... See this...

http://technet.microsoft.com/en-us/library/cc778073%28WS.10%29.aspx

(....To specify that client computers attempt authentication to the network if a user is not logged on, select the Authenticate as computer when computer information is available check box, and in Computer authentication, click an option to specify how the computer should attempt authentication. For information about each of the options that you can select for Computer authentication, see Notes.)


if you cannot see the wireless configuration section in the machine area of the GPO, you may need to register the DLLs (I think this what you were thinkig..)

From http://www.winserverkb.com/Uwe/Forum.aspx/windows-group-policy/4223/Wireless-Group-Policy-Option-Missing

That's not entirely true. Some background: Wireless policy editing was added
to Server 2003 and requires a 2003 AD schema to work. XP, Sp1 and above is
capable of *processing* wireless policy but you're correct to say that, by
default, if you open the GP editor on an XP box you won't see Wireless
policy even if you're focused on a 2003 AD-based GPO. However, I played
around with this a bit and it looks fairly easy to rectify that. Simply copy
the following two files from the system32 folder on a Server 2003 system to
your XP workstation's system32 folder:

wlsnp.dll
wlstore.dll

and then on the XP box, register the wireless MMC snap-in by issuing the
following command from the system32 directory:

regsvr32 wlsnp.dll

That should allow you to edit Wireless policy on your XP box. Let me know if
that doesn't work for you.


Hopefully that will sort you out. Been there and had this issue!


0
 

Author Closing Comment

by:srfergus
ID: 37154865
Thanks!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question