WPA2 support + Group Policy

Hi all,

On 17/10/06, Microsoft released a security advisory notifying us of
support for WPA2 to be defined in group policies in Windows XP SP2
(http://www.microsoft.com/technet/security/...ory/917021.mspx)

When you look into this in more detail, there is an update that can be
downloaded and applied to Windows XP PC's to support (among other
things) support for WPA2 wireless policies to be defined in GPO's.

.... All looks very promising ... Until you go and try to configure such
policies in GPO editor --> Computer Configuration. If you do this from
a Windows XP PC, you don't natively get to see the "Wireless Network
(IEEE 802.11) Policies" branch.

So then I try to edit it from a Win 2003 computer. Yes, you can drill
down into "Wireless Network Policies" and define a new policy, but you
don't get the option to select WPA2 in the "Network Authentication"
drop down...

After much searching, I located an interesting hack
(http://www.petri.co.il/working_with_wirele...from_xp_sp2.htm) that
allows you to view/edit Wireless policies natively using GP editor on a
Win XP machine, but even after doing this (AND having update hotfix
917021 installed), you still don't get to select WPA2 as an
authentication method !!!!

.... I feel like I'm chasing my tail ...

Reading the Microsoft blub again, I note the following:-

"On a computer that is running Windows Vista or that is running
Microsoft Windows Server Code Name "Longhorn," you can specify WPA2
options when you configure wireless networks by using the Wireless
Network (IEEE 802.11) Policies node of Computer Configuration Group
Policy."


.... So Microsoft ... Does this mean that to successfully implement WPA2
via group policy we MUST be using a Vista or Longhorn machine to edit
the group policy? My interpretation is that this is a big YES - but I'm
curious if other people are reading this the same way as I am.... or
even better still if someone had managed to get this working
(sans-Vista).

It does seem kinda counter-productive that Microsoft releases an update
for WinXP that you can't actually make use of until you use a Beta OS
to implement.... Then again, gauging by the amount of newsgroup flak
Microsoft has copped over their lag in support for WPA2 maybe I
shouldn't be too surprised :-)

Cheers,
Brendan.

.

Relevant Pages

  • RE: AD Policy audit tool for Windows 2000
    ... On XP and above you can do gpresult.exe /v on a per workstation/user ... AD Policy audit tool for Windows 2000 ... GPInventory from Microsoft: I am not sure about this either. ... I am trying to find the policies that has been changed by ...
    (Security-Basics)
  • Re: XP SP3 Problems/Help
    ... What in the release notes for SP-3 convinced you that you must have ... latest version of MDAC and not as part of Windows Update. ... Microsoft requires it, they'll shove it at you when you visit Windows ... Well, if you haven't figured them out by now, you don't use policies. ...
    (microsoft.public.windowsxp.general)
  • RE: AD Policy audit tool for Windows 2000
    ... I don't have this or a Windows 2000 machine handy so I ... This can compare settings ... GPInventory from Microsoft: I am not sure about this either. ... I am trying to find the policies that has been changed by ...
    (Security-Basics)
  • Re: WinPak
    ... Fix for Running Winpak 2 version 4 on Windows XP machine with Service Pack ... POLICIES ... MICROSOFT ... Then click anywhere in the RPC window and CREATE New DWord value ...
    (microsoft.public.windowsxp.network_web)
  • Re: WinPak
    ... Fix for Running Winpak 2 version 4 on Windows XP machine with Service Pack ... POLICIES ... MICROSOFT ... Then click anywhere in the RPC window and CREATE New DWord value ...
    (microsoft.public.windowsxp.network_web)