Re: Prblm: Radius, WLAN, roaming profiles and software install via group policies

From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 09/09/04 

Date: Thu, 09 Sep 2004 12:48:33 -0700

"James McIllece [MS]" <jamesmci@online.microsoft.com> wrote in
news:Xns955F7A7DF30E7jamesmcionlinemicros@207.46.248.16:

> "Ola Theander" <ola.theander@otsystem.com> wrote in
> news:eqyx61elEHA.2340@TK2MSFTNGP11.phx.gbl:
>
>> Dear subscribers
>>
>>
>>
>> I've just added a WLAN-router to allow wireless access to our
>> network. The thing is that I have some initial problems that doesn't
>> apply when we connect by wire and I hope that I can get some help
>> here.
>>
>>
>>
>> Problem 1)
>>
>> We distribute software using AD's group policies and unfortunately
>> some of the software we have must be installed using a group policy
>> assigned to the computer instead of a user, in this case AutoCAD
>> 2004. We prefer to install using user assigned policies but according
>> to Autodesk the software must be installed by a computer assigned GP.
>>
>>
>>
>> The thing is that since we use Radius to authenticate to the
>> WLAN-router the network is not accessible until an actual user logs
>> on and by that time the computer assigned software doesn't initiate
>> an install. Is there any workaround to this problem?
>>
>>
>>
>> Problem 2)
>>
>> We also use roaming profiles which allows the user to log in on an
>> arbitrary computer and still have their documents and preferred
>> environment configuration accessible. The roaming profile
>> configuration maps the "My Documents" folder, Desktop and
>> "Application Data" folder to a file server instead of the local
>> computer. This means that when the user logs off the computer a
>> synchronization sequence is initiated to copy the documents to the
>> assigned file server. The problem is that when this is done over the
>> WLAN it seems like the network connection is prematurely terminated,
>> i.e. before the synchronization is finished. This in turn means that
>> the synchronization fails and the user gets an annoying error message
>> at each log off and the files are not copied to the file server for
>> backup and roaming purposes.
>>
>>
>>
>> I realize that I may have to resort to using WEP or WPA instead of
>> Radius to resolve these issues but before I do that I want to see if
>> there is any possible to solve them while still using Radius.
>>
>>
>>
>> Any help on this matter would be greatly appreciated.
>>
>>
>>
>> Kind regards, Ola Theander
>>
>>
>>
>
> Hi Ola --
>
> I thought I would clarify a couple of things for you.
>
> WEP/WPA and RADIUS are not two versions of the same thing -- in fact
> for best security you should deploy both, with WPA preferred over WEP.
>
> WEP/WPA are part of the IEEE 802.11 standards and they are used to
> encrypt traffic between wireless client computers and wireless access
> points (APs). Once this link-layer authentication occurs between the
> client and AP, association occurs and other processes (such as 802.1X
> authentication) can begin.
>
> RADIUS, on the other hand, is a protocol used to encrypt traffic
> between wireless access points (which are called RADIUS clients) and
> IAS servers (a RADIUS server and/or proxy).
>
> You can use IAS as a RADIUS server to manage network access servers
> other than APs, too -- you can use it to manage VPN servers, dial-up
> servers, and 802.1X authenticating switches. If you do not use IAS,
> you must configure remote access policy at each AP instead of
> configuring it once on the IAS server for all APs.
>
>
>

Here are some additional resources for you:

Configuring Windows XP IEEE 802.11 Wireless Networks for the Home and Small
Business at
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.msp
x

Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows at
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx

"IEEE 802.11 Wireless LAN Security with Microsoft Windows XP"
http://www.microsoft.com/downloads/details.aspx?FamilyID=67fdeb48-74ec-
4ee8-a650-334bb8ec38a9&displaylang=en 

-- 
James McIllece, Microsoft
Please do not send email directly to this alias.  This is my online account 
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.

Relevant Pages

  • Re: Wireless Network Issue - SBS2K3 - Configuration and / or Topol
    ... I am quietly confident that moving the SBS to ... and the SBS is the DHCP/DNS server - but everything else in my house is ... wireless and it works fine. ... cause is incorrect network configuration and / or hardware topology. ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem with ISA, I think ...
    ... wireless access to the LAN (on my end I'd join the computer to the domain ... An additional Network card in the server will also be required for the ... Guest VLAN, and ISA 2004 needs to be installed on the Server, which I ... Antenna Guide at D-Link shows that the antenna below will work with the ...
    (microsoft.public.windows.server.sbs)
  • Re: wireless network disconnects when using IEEE 802.1x authentica
    ... since it gets encrypted before it leaves the wireless NIC ... For a home network or small ... >> Change that authentication key say every six months. ... >> RADIUS server to do that, and it works best if you've got an Active ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Wireless Network Issue - SBS2K3 - Configuration and / or Topology
    ... The core problem is unreliable wireless connectivity. ... cause is incorrect network configuration and / or hardware topology. ... I have a single NIC SBS2K3 Premium server with 5 clients and one ...
    (microsoft.public.windows.server.sbs)
  • Re: W2KDC server question
    ... I need to get back to where I was with Domains and AD and w2000 server ... maybe I should lose the wireless for now and that way I could use my laptop ... wireless network with my laptop xp pro also w/linksys wireless ...
    (microsoft.public.windows.server.setup)