RE: Configure Auth (802.1X) settings for Win2000 Clients
- From: rt-seb <rtseb@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Feb 2007 13:06:00 -0800
Hello Brian,
I've written a tool that distributes 802.1x settings for LAN adapters.
This tool can be used for W2k and WinXP. It could be integrated into
any software distribution management. If you're interested in, you can
contact me privately: discuss(at)rt-solutions.de
Sebastian
"Brian S" wrote:
Windows 2000 Domain.
Windows 2000 Workstation
HP Procurve 2650 Switches
Authentication method – PEAP-MSCHAPv2 (configured to authenticate as computer)
Switches point to primary and secondary IAS svr with policies configured to
assign VLAN’s “on the fly”
Once I configure a port on the switch for 802.1X, then configure a client to
authenticate using 802.1X (with all the appropriate settings on the Local
Area Connection/Authentication Tab) everything works as designed. Based on
the policy for IAS the client is assigned X VLAN. If the client does not
authenticate then the client is placed (or better yet kept) in the
Unauthorized VLAN (segregated from the rest of the network). Now for my
problem:
A large portion of my clients cannot configure their Local Area
Connection/Authentication Tab setting themselves. I know you have to have
admin privileges to configure the Local Area Connection/General Tab, however,
performing tests as a non privileged user has given me mixed results for
changing the Authentication tab settings. I am pretty sure it’s a Group
Policy that is causing the issue. The ones that can’t do it see all greyed
out selections when they go to the Auth tab. WindXP clients work no matter
what. On WIN2K if I stand up a new workstation and add to domain it goes
into the default Computers container in AD. I tested numerous times and non
privileged users can go in to Authentication tab and make changes. Once I
place into our “production” OU it will then break and it’s greyed out with
non privileged users. Note that doing this test with XP produces no change.
I can’t find a setting in the group policy that would be changing this type
of permissions. What right or permission set does a regular user need to
administer their authentication settings? I cannot deploy this using the
Wireless GP template as that works for only WIN2003/XP, and I also cannot
give users admin privileges, even if it’s just on their own workstations. I
have looked into a way to deploy via scripting and never found a way to
accomplish this task that way. Is my only solution to walk around and
configure manually? I have over 500 clients at this one site, not including
the other sites. Your help would be greatly appreciated. Thanks!
- Follow-Ups:
- RE: Configure Auth (802.1X) settings for Win2000 Clients
- From: Brian S
- RE: Configure Auth (802.1X) settings for Win2000 Clients
- Prev by Date: Clients having problems connecting.
- Next by Date: RE: Configure Auth (802.1X) settings for Win2000 Clients
- Previous by thread: Clients having problems connecting.
- Next by thread: RE: Configure Auth (802.1X) settings for Win2000 Clients
- Index(es):
Relevant Pages
|
Loading
