Re: 802.1x Wired settings via GPO
From: Jeff Qiu [MSFT] (jefffqiu_at_online.microsoft.com)
Date: 05/04/04
- Next message: Mark Hove: "A Group Policy Object to Shutdown all Machines in an OU at a specified time"
- Previous message: Sebastjan Kocelj, Avtenta.SI: "Re: Backing Up Local Security Policy"
- In reply to: Mike: "Re: 802.1x Wired settings via GPO"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 04 May 2004 08:18:03 GMT
Hi Mike,
If there is anything else I can be of further assistance, please feel free
to post back.
Have a great day!
Best Regards,
Jeff Qiu
Microsoft Online Partner Support
MCSE 2000, MCDBA, MCSA
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------
>From: "Mike" <nospam@nospam.com>
>Subject: Re: 802.1x Wired settings via GPO
>Date: Mon, 3 May 2004 08:35:03 -0400
>microsoft.public.windows.group_policy
>
>Thank you. I am going to see if we can't script this somehow.
>
>""Jeff Qiu [MSFT]"" <jefffqiu@online.microsoft.com> wrote in message
>news:16ktMePMEHA.3364@cpmsftngxa10.phx.gbl...
>> Hi Mike,
>>
>> Thank you for your update.
>>
>> After my regmon, I located the registry that controls this checkbox.
>>
>> It is set at offset0x0B on the key
>>
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\Interfaces\{FA3CE2FD
-
>> AA46-4DEF-A36E-34B362D20CFC}
>> Value Name"
>> "1"
>>
>> The checkbox is controlled by that offset 0x0B
>>
>> If that byte is C0, it is checked.
>> If that byte is 40, it is unchecked.
>>
>> This value is a REG_BINARY type and the {FA3C...} may differs on your
>> machines. It is the device GUID of your network interface. It can be
>read
>> from:
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\NetworkCards\1
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\NetworkCards\2
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\NetworkCards\3
>> ..
>>
>> Value name:
>> "ServiceName"
>>
>> Based on the result above, I believe it is not properly to apply this
>> setting via GPO. From that whitepaper, it is suggested to set it
>manually.
>>
>> If you get any further updates, please feel free to let me know.
>>
>> Best Regards,
>>
>> Jeff Qiu
>> Microsoft Online Partner Support
>> MCSE 2000, MCDBA, MCSA
>> Get Secure! - www.microsoft.com/security
>> This posting is provided "as is" with no warranties and confers no
rights.
>>
>> --------------------
>> >From: "Mike" <nospam@nospam.com>
>> >Subject: Re: 802.1x Wired settings via GPO
>> >Date: Fri, 30 Apr 2004 10:31:43 -0400
>> >microsoft.public.windows.group_policy
>> >
>> >I took this quote straight from WinXP help.
>> >"IEEE 802.1x is a draft standard for port-based network access control,
>> >which provides authenticated network access to 802.11 wireless networks
>and
>> >to wired Ethernet networks. Port-based network access control uses the
>> >physical characteristics of a switched local area network (LAN)
>> >infrastructure to authenticate devices that are attached to a LAN port
>and
>> >to prevent access to that port in cases where the authentication process
>> >fails."
>> >
>> >When managing a large campus one doesn't want any random person to be
>able
>> >to plug into a port and go. With 802.1x we can authenticate them and
>> permit
>> >or deny access based on their credentials. We can also track them.
>> >
>> >What I need is a way to in mass configure 802.1x authentication for
their
>> >wired nic on my XP clients across our Active Directory domain. Ideally
>> this
>> >would be done in Group Policy. However, it looks like they only have a
>> >template for wireless.
>> >
>> >You will see what I am talking about if you right click and get
>properties
>> >for your hard wired network connection in XP. Click the authentication
>> tab.
>> >I need to be able to manage the settings on this screen for every
machine
>> in
>> >our domain.
>> >
>> >
>> >
>> >""Jeff Qiu [MSFT]"" <jefffqiu@online.microsoft.com> wrote in message
>> >news:z$WtuZqLEHA.3464@cpmsftngxa10.phx.gbl...
>> >> Hi Mike,
>> >>
>> >> Thanks for posting!
>> >>
>> >> I am afraid I am not sure what do you mean to use the 802.1x
>> >authentication
>> >> for wired networking.
>> >>
>> >> The 802.1x is designed for wireless networking.
>> >>
>> >> Here is a very detail article regarding the deployment of it in
>> >Enterprise:
>> >> Enterprise Deployment of Secure 802.11 Networks Using Microsoft
Windows
>> >>
>http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
>> >>
>> >> Pleaes let me know why you want to apply this to your wired
networking.
>> >>
>> >> Have a great day!
>> >>
>> >> Best Regards,
>> >>
>> >> Jeff Qiu
>> >> Microsoft Online Partner Support
>> >> MCSE 2000, MCDBA, MCSA
>> >> Get Secure! - www.microsoft.com/security
>> >> This posting is provided "as is" with no warranties and confers no
>> rights.
>> >>
>> >> --------------------
>> >> >From: "Mike" <nospam@nospam.com>
>> >> >Subject: 802.1x Wired settings via GPO
>> >> >Date: Thu, 29 Apr 2004 10:28:48 -0400
>> >> >microsoft.public.windows.group_policy
>> >> >
>> >> >I googled for this and found some people asking the same question but
>no
>> >> >answers.
>> >> >
>> >> >We are deploying 802.1x for wired port authentication in our
>enterprise.
>> >> >
>> >> >Does anyone know of a way to deploy the 802.1x authentication
settings
>> to
>> >> >domain machines? They are all WinXP.
>> >> >
>> >> >I have read that there are settings in GPO for wireless but not
wired.
>> >> >
>> >> >Any other types of soultions for this deployment?
>> >> >
>> >> >Thanks!
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>> >
>>
>
>
>
- Next message: Mark Hove: "A Group Policy Object to Shutdown all Machines in an OU at a specified time"
- Previous message: Sebastjan Kocelj, Avtenta.SI: "Re: Backing Up Local Security Policy"
- In reply to: Mike: "Re: 802.1x Wired settings via GPO"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
