Setting network before logon

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

This has probably been answered before but I haven't seen in it the last
week or so whilst I have been lurking ...

We would like to have our laptops connect to a particular WLAN on startup,
to pull in security settings and to pull in the roaming profile when the
user logs on.

It all works fine when the laptop is connected to the LAN (which we insist
is done once a week to pull down updated settings eg published software, AV
Updates, etc)

We are running a W2K AD Domain with XP Pro sp1 on the laptops, the WLAN is
using a 128-bit WEP key.

Any advice appreciated on this.

Tony Sheppard

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

I'd like to know this as well...
I'm trying to use a wireless NIC to connect to an AD domain, but it cannot find the Domain Controller (DC) because it doesn't connect to an access point until after I log onto the machine.

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

Hi, Tony,
This is doable.
I am assuming your domain is uing Internet Authentication Server (IAS) and
802.1x to authenticate the access by wireless user.
In this case where 802.1x authentication is enabled, there is a registry key
that controls how your wireless client authenticates to the backend IAS
server. If you set the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMo
de to 1, what will happen is that the machine will authenticate to the
domain before any user log on using machine credential (Machine
Authentication) so that it will pull down any security setting the domain
enforces, assuming the authentication succeeds. When the user logs on later,
the user will need to do User Authentication as you normally do. By the way,
if this reg key is not present, by default it is already to set to 1 and you
already get the above behavior.

Hope this helps.

--
Wai Kong [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


"Tony Sheppard" <grumbledook@ntlworld.com> wrote in message
news:c605cm$6bp0u$1@ID-155810.news.uni-berlin.de...
> This has probably been answered before but I haven't seen in it the last
> week or so whilst I have been lurking ...
>
> We would like to have our laptops connect to a particular WLAN on startup,
> to pull in security settings and to pull in the roaming profile when the
> user logs on.
>
> It all works fine when the laptop is connected to the LAN (which we insist
> is done once a week to pull down updated settings eg published software,
AV
> Updates, etc)
>
> We are running a W2K AD Domain with XP Pro sp1 on the laptops, the WLAN is
> using a 128-bit WEP key.
>
> Any advice appreciated on this.
>
> Tony Sheppard
>
>

 

[Guest]

Archived from groups: microsoft.public.windows.networking.wireless (More info?)

"Wai Kong [MSFT]" <jiangwei@online.microsoft.com> wrote in message
news:uEumiryJEHA.3428@TK2MSFTNGP09.phx.gbl...
> "Tony Sheppard" <grumbledook@ntlworld.com> wrote in message
> news:c605cm$6bp0u$1@ID-155810.news.uni-berlin.de...
> > This has probably been answered before but I haven't seen in it the last
> > week or so whilst I have been lurking ...
> >
> > We would like to have our laptops connect to a particular WLAN on
startup,
> > to pull in security settings and to pull in the roaming profile when the
> > user logs on.
> >
> > It all works fine when the laptop is connected to the LAN (which we
insist
> > is done once a week to pull down updated settings eg published software,
> AV
> > Updates, etc)
> >
> > We are running a W2K AD Domain with XP Pro sp1 on the laptops, the WLAN
is
> > using a 128-bit WEP key.
> >
> > Any advice appreciated on this.
>
> Hi, Tony,
> This is doable.
> I am assuming your domain is uing Internet Authentication Server (IAS) and
> 802.1x to authenticate the access by wireless user.
> In this case where 802.1x authentication is enabled, there is a registry
key
> that controls how your wireless client authenticates to the backend IAS
> server. If you set the registry key
>
HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMo
> de to 1, what will happen is that the machine will authenticate to the
> domain before any user log on using machine credential (Machine
> Authentication) so that it will pull down any security setting the domain
> enforces, assuming the authentication succeeds. When the user logs on
later,
> the user will need to do User Authentication as you normally do. By the
way,
> if this reg key is not present, by default it is already to set to 1 and
you
> already get the above behavior.
>
Unfortunately we are not running IAS or any other RADUIS setup. This is
principally down to cost (the Cisco management stuff was outside of our
budget initially), lack of knowledge (we mainly have to train ourselves at
the moment) and time (we had to get things running as soon as possible,
irregardless of what issues there may be). And sure enough there is now the
issue of forcing the staff laptops to automatiaclly choose a particular
WLAN. This is partly a problem due to the introduction of a Wi-Fi hotspot in
a study area.

Oh well ... looks like it's time to get my head round RRAS then.

Thanks for the info Wai.

Tony Sheppard
IT Support
Brooke Weston City Technology College