?
Solved

Group Policy for dot1x

Posted on 2014-03-17
1
Medium Priority
?
673 Views
Last Modified: 2014-03-18
Hello,

Would love some help on some Windows server work for a Cisco guy :)

We are developing a Dot1x solution and will need to push config from Win2008 to about 40-50 domain computers.  We are enabling computer authentication with certificates.  We have developed the GPO piece just fine but are looking for any best practices for deployment.  Here are some particular areas of concern we are facing:

 - Only a certain group of computers need dot1x (all Win7) - is putting this group in the security filter best practice?
 - We only utilize one domain policy currently. Should we develop a separate policy to push out just these few dot1x config items?
 - When does the GPO controller "push" its config out to workstations?
 - For the certificates, can you tell what templates are currently available for a certain group for auto-enroll?
- Lastly, best way to view computers that were successfully updated?


I apologize for the amount of questions stuffed into here but as I mentioned before, I'm a network guy looking for some Windows help.  Thanks.
0
Comment
Question by:L8C
1 Comment
 
LVL 22

Accepted Solution

by:
Jakob Digranes earned 2000 total points
ID: 39936107
* It might be good to filter these by security, OR - even better, create an new OU for Wireless Computers. But both work
* This is no definite answer to, depends on your likings. I'd create a separate policy, either COMPUTERS or WIRELESS and put settings in one of those
* GPO pushed during boot, and if you use GPUPDATE /FORCE in WIndows later on
* You can AUTO-ENROLL more or less all templates as long as you set permissions correct. I'd recommend copying COMPUTER TEMPLATE, call it something like MachineCert and let the wireless group be able ot autoenroll in security. Remember cert need correct intended purpose (client authentication) and Computer Template does
* No easy way in Windows to see this, but there's probably some 3rd party software - but as long as computers reboot they'll get the policy
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question