Re: 802.1x Wired settings via GPO


From: Mike (nospam_at_nospam.com)
Date: 05/03/04


Date: Mon, 3 May 2004 08:35:03 -0400

Thank you. I am going to see if we can't script this somehow.

""Jeff Qiu [MSFT]"" <jefffqiu@online.microsoft.com> wrote in message
news:16ktMePMEHA.3364@cpmsftngxa10.phx.gbl...
> Hi Mike,
>
> Thank you for your update.
>
> After my regmon, I located the registry that controls this checkbox.
>
> It is set at offset 0x0B on the key
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\Interfaces\{FA3CE2FD-AA46-4DEF-A36E-34B362D20CFC}
> Value Name:
> "1"
>
> The checkbox is controlled by that offset 0x0B
>
> If that byte is C0, it is checked.
> If that byte is 40, it is unchecked.
>
> This value is a REG_BINARY type and the {FA3C...} may differ on your
> machines. It is the device GUID of your network interface. It can be read
> from:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\1
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\3
> ..
>
> Value name:
> "ServiceName"
>
> Based on the result above, I believe it is not proper to apply this
> setting via GPO. From that whitepaper, it is suggested to set it manually.
>
> If you get any further updates, please feel free to let me know.
>
> Best Regards,
>
> Jeff Qiu
> Microsoft Online Partner Support
> MCSE 2000, MCDBA, MCSA
> Get Secure! - www.microsoft.com/security
> This posting is provided "as is" with no warranties and confers no rights.
>
> --------------------
> >From: "Mike" <nospam@nospam.com>
> >Subject: Re: 802.1x Wired settings via GPO
> >Date: Fri, 30 Apr 2004 10:31:43 -0400
> >microsoft.public.windows.group_policy
> >
> >I took this quote straight from WinXP help.
> >"IEEE 802.1x is a draft standard for port-based network access control,
> >which provides authenticated network access to 802.11 wireless networks and
> >to wired Ethernet networks. Port-based network access control uses the
> >physical characteristics of a switched local area network (LAN)
> >infrastructure to authenticate devices that are attached to a LAN port and
> >to prevent access to that port in cases where the authentication process
> >fails."
> >
> >When managing a large campus one doesn't want any random person to be able
> >to plug into a port and go. With 802.1x we can authenticate them and permit
> >or deny access based on their credentials. We can also track them.
> >
> >What I need is a way to en masse configure 802.1x authentication for their
> >wired NIC on my XP clients across our Active Directory domain. Ideally this
> >would be done in Group Policy. However, it looks like they only have a
> >template for wireless.
> >
> >You will see what I am talking about if you right click and get properties
> >for your hard wired network connection in XP. Click the authentication tab.
> >I need to be able to manage the settings on this screen for every machine in
> >our domain.
> >
> >
> >
> >""Jeff Qiu [MSFT]"" <jefffqiu@online.microsoft.com> wrote in message
> >news:z$WtuZqLEHA.3464@cpmsftngxa10.phx.gbl...
> >> Hi Mike,
> >>
> >> Thanks for posting!
> >>
> >> I am afraid I am not sure what you mean by using the 802.1x
> >> authentication for wired networking.
> >>
> >> The 802.1x is designed for wireless networking.
> >>
> >> Here is a very detailed article regarding the deployment of it in
> >> Enterprise:
> >> Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows
> >> http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
> >>
> >> Please let me know why you want to apply this to your wired networking.
> >>
> >> Have a great day!
> >>
> >> Best Regards,
> >>
> >> Jeff Qiu
> >> Microsoft Online Partner Support
> >> MCSE 2000, MCDBA, MCSA
> >> Get Secure! - www.microsoft.com/security
> >> This posting is provided "as is" with no warranties and confers no rights.
> >>
> >> --------------------
> >> >From: "Mike" <nospam@nospam.com>
> >> >Subject: 802.1x Wired settings via GPO
> >> >Date: Thu, 29 Apr 2004 10:28:48 -0400
> >> >microsoft.public.windows.group_policy
> >> >
> >> >I googled for this and found some people asking the same question but no
> >> >answers.
> >> >
> >> >We are deploying 802.1x for wired port authentication in our enterprise.
> >> >
> >> >Does anyone know of a way to deploy the 802.1x authentication settings to
> >> >domain machines? They are all WinXP.
> >> >
> >> >I have read that there are settings in GPO for wireless but not wired.
> >> >
> >> >Any other types of solutions for this deployment?
> >> >
> >> >Thanks!
> >> >
> >> >
> >> >
> >>
> >>
> >
> >
> >
>
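
One way to script the registry layout described in the quoted reply, as an added example that is not part of the thread: it maps each network card to its device GUID, reports the byte at offset 0x0B, and can set that byte. The function names are hypothetical; the key paths, offset and the C0/40 values are the ones from the reply, and any other byte value is reported or left untouched rather than interpreted.

```powershell
# Added example, not from the thread. Function names are hypothetical; the key
# paths, offset 0x0B and byte values C0/40 are the ones given in the quoted reply.
$NetworkCards = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards'
$EapolIfaces  = 'HKLM:\SOFTWARE\Microsoft\EAPOL\Parameters\Interfaces'
$Offset       = 0x0B

# Read-only audit: one object per network card with the state of the checkbox byte.
function Get-EapolCheckboxState {
    foreach ($card in Get-ChildItem -Path $NetworkCards) {
        $guid = (Get-ItemProperty -Path $card.PSPath).ServiceName
        if (-not $guid) { continue }
        $key   = Join-Path $EapolIfaces $guid
        $item  = Get-ItemProperty -Path $key -Name '1' -ErrorAction SilentlyContinue
        $state = 'NoEapolValue'
        if ($item) {
            $blob = [byte[]]$item.'1'
            if     ($blob.Length -le $Offset) { $state = 'TooShort' }
            elseif ($blob[$Offset] -eq 0xC0)  { $state = 'Checked' }
            elseif ($blob[$Offset] -eq 0x40)  { $state = 'Unchecked' }
            else   { $state = 'Unknown (0x{0:X2})' -f $blob[$Offset] }
        }
        [pscustomobject]@{ InterfaceGuid = $guid; State = $state }
    }
}

# Change only the documented byte, and only when it currently holds C0 or 40.
function Set-EapolCheckboxState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$InterfaceGuid,
        [Parameter(Mandatory = $true)][bool]$Checked
    )
    $key  = Join-Path $EapolIfaces $InterfaceGuid
    $blob = [byte[]](Get-ItemProperty -Path $key -Name '1' -ErrorAction Stop).'1'
    if ($blob.Length -le $Offset -or (0xC0, 0x40) -notcontains $blob[$Offset]) {
        throw "Unexpected data in $key; refusing to modify."
    }
    $newByte = if ($Checked) { 0xC0 } else { 0x40 }
    if ($blob[$Offset] -eq $newByte) { return }   # already in the wanted state
    $blob[$Offset] = [byte]$newByte
    if ($PSCmdlet.ShouldProcess($key, ('set byte 0x0B to 0x{0:X2}' -f $newByte))) {
        Set-ItemProperty -Path $key -Name '1' -Value $blob -Type Binary
    }
}

Get-EapolCheckboxState | Format-Table -AutoSize
```

Calling `Set-EapolCheckboxState` with `-WhatIf` prints the intended change without writing to the registry.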


