Re: Group Policy and PEAP
From: Ashwin Palekar\(MS\) (ashwinp_at_online.microsoft.com)
Date: 06/26/04
- Previous message: Kiarash_at_Ghasemi.Info: "Re: newbie question on customizing radius access points"
- In reply to: Kevin Lancaster: "Group Policy and PEAP"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 26 Jun 2004 00:43:51 -0700
You are right. This text in the book is incorrect.
-- -- =========================================================== This posting is provided "AS IS" with no warranties and confers no rights =========================================================== "Kevin Lancaster" <m0ahn@hotmail.com> wrote in message news:ubRB2IcWEHA.2840@TK2MSFTNGP11.phx.gbl... >I quote from the "Microsoft Windows Small Business Server 2003 > Administrators Companion" book:- > > "Although PEAP provides great wireless security and is easier to implement > than EAP-TLS authentication, there are two significant drawbacks. The > first > is that you won't be able to remotely administer wireless clients unless > someone's logged on. The second is that Group Policy Computer > Configuration > won't work." > > Based on my own experience of using PEAP based wireless networks, I would > disagree with both of the above statements. > > 1. When a computer on the network starts up, the computer account > authenticates. This is confirmed by the following; > i) An event appears in the event log stating that the computer account has > authenticated > ii) I can access the computer via Computer Management from the server > iii) There is an option in the configuration that states to "Authenticate > as > computer when computer information is available" > iv) When a user logs on, another event occurs stating the user has been > given access. When the user logs off, the computer again authenticates. > v) The computer account is denied access unless Dial-In access is granted > according to the Remote Access Policy. > > 2. I can only assume the statement about Group Policy Computer > Configuration > not working is because of the first point that, according to the book, the > computer does not have network access until a user logs on. Thus, no > access, > how can Group Policy be applied? > > I am surprised to read this because without the computer obtaining network > access the whole process of domain access, DNS registration, roaming > profiles etc will not work unless network access is obtained prior to > logon. > > These statements are based on experience gained from using Cisco Aironet > Access Points, Windows 2003 Small Business Server, Both Verisign and > Microsoft Certificates and Windows XP Desktops using the WZC service. > > Can anyone shed some light on this? > > Kevin > > > > >
- Previous message: Kiarash_at_Ghasemi.Info: "Re: newbie question on customizing radius access points"
- In reply to: Kevin Lancaster: "Group Policy and PEAP"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
