Group Policy for dot1x
Posted on 2014-03-17
Would love some help on some Windows server work for a Cisco guy :)
We are developing a Dot1x solution and will need to push config from Win2008 to about 40-50 domain computers. We are enabling computer authentication with certificates. We have developed the GPO piece just fine but are looking for any best practices for deployment. Here are some particular areas of concern we are facing:
- Only a certain group of computers need dot1x (all Win7) - is putting this group in the security filter best practice?
- We only utilize one domain policy currently. Should we develop a separate policy to push out just these few dot1x config items?
- When does the GPO controller "push" its config out to workstations?
- For the certificates, can you tell what templates are currently available for a certain group for auto-enroll?
- Lastly, best way to view computers that were successfully updated?
I apologize for the amount of questions stuffed into here but as I mentioned before, I'm a network guy looking for some Windows help. Thanks.