Wireless Networking with Windows Vista in a Domain Environment
Everyone wants wireless. Due to security, speed, and bandwidth issues, the use of wireless network devices has been rather limited in the past, but with the emergence of newer technologies and protocols, wireless devices—including wireless network PCs—are becoming more popular.
Windows Vista makes wireless networking better, easier, and safer, which will result in an increase in the number of wireless PCs, both at home and in the workplace. In this article, I’ll discuss various methods for joining a wireless network client to an Active Directory domain. I’ll also address some of the security issues. When it comes to wireless clients, security is a high priority, especially in a domain environment where your corporate data needs to be protected properly.
First, let’s consider the concept of the "bootstrap wireless profile" in Windows Vista. Then we’ll look at several security considerations and examine in more detail the methods for joining the domain.
Bootstrap Wireless Profile
The bootstrap wireless profile is a temporary wireless profile that doesn’t validate the certificate of the Remote Authentication Dial-in User Service (RADIUS) server.
Once the client has joined the domain, a new wireless profile is used to validate the credentials of the RADIUS server. More on this topic later, but for now let’s see how your wireless clients can join the domain.
Users have the following two options for joining a wireless client to the domain:
- Manually configure the wireless client with a bootstrap wireless profile.
- Configure the wireless client with a bootstrap wireless profile using an XML file and a script.
To configure a bootstrap wireless profile in Windows Vista, follow this procedure:
- In Control Panel, open the Network & Sharing Center.
- Under Tasks, click Set up a network or connection.
- Under Choose a connection option, select Manually connect to a wireless network. Click Next.
- Configure the wireless network with network name, security type, and encryption type (WEP, TKIP, or AES), as shown in Figure 1. Then click Next.
Figure 1 Configuring a bootstrap wireless profile.
- Click Change connection settings.
- On the Security tab, under Choose a network authentication method, make sure that Protected EAP (PEAP) is selected.
- Click Settings and uncheck the box Validate server certificate. Leave the authentication method set to the default option Secured password (EAP-MSCHAP v2), as shown in Figure 2.
Figure 2 Configuring protected EAP properties.
- Click OK a couple of times and then click Close to close all the dialog boxes.
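The procedure above leaves a profile that does not validate the RADIUS server certificate, so after domain join it is worth checking that no such profile is still in use. The following is an added example, not part of the original article: a check that reads a wireless profile XML file and reports PEAP profiles with server validation turned off. The sample XML is constructed and abbreviated, and the element names (PerformServerValidation, ServerValidation, TrustedRootCA) and profile names are assumptions about the exported profile layout.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated profile XML (not a real export). Element names are
# assumed to follow the exported WLAN profile layout; namespaces are ignored.
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <MSM><security>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
      <Eap><Type>25</Type><EapType>
        <ServerValidation><TrustedRootCA>{root_ca}</TrustedRootCA></ServerValidation>
        <Eap><Type>26</Type></Eap>
        <PeapExtensions><PerformServerValidation>{validate}</PerformServerValidation></PeapExtensions>
      </EapType></Eap>
    </EAPConfig></OneX>
  </security></MSM>
</WLANProfile>"""
BOOTSTRAP = TEMPLATE.format(name="CORP-BOOTSTRAP", root_ca="", validate="false")
DOMAIN = TEMPLATE.format(name="CORP", root_ca="aa bb cc (placeholder thumbprint)", validate="true")

PEAP = "25"  # EAP method type number for PEAP; 26 is the inner EAP-MSCHAP v2


def local(tag):
    """Drop the '{namespace}' prefix so lookups work regardless of schema URI."""
    return tag.rsplit("}", 1)[-1]


def descendants(elem, name):
    return [e for e in elem.iter() if local(e.tag) == name]


def audit_profile(xml_text):
    """Return (profile name, findings) for one wireless profile XML document."""
    root = ET.fromstring(xml_text)
    names = descendants(root, "name")
    name = (names[0].text or "").strip() if names else "?"
    findings = []
    for eap in descendants(root, "Eap"):
        eap_type = [c.text.strip() for c in eap if local(c.tag) == "Type" and c.text]
        if eap_type != [PEAP]:
            continue  # skip the inner method and non-PEAP profiles
        flags = [(e.text or "").strip().lower() for e in descendants(eap, "PerformServerValidation")]
        pinned = [e for e in descendants(eap, "TrustedRootCA") if (e.text or "").strip()]
        if "false" in flags:
            findings.append("PEAP server certificate validation is disabled")
        elif not pinned:
            findings.append("validation not disabled, but no trusted root CA is listed")
    return name, findings
```

Calling audit_profile(BOOTSTRAP) reports the disabled validation, while audit_profile(DOMAIN) returns an empty findings list.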