Re: My Documents Redirection with Laptop using WiFi
- From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 15 Aug 2006 17:58:32 -0400
I might have dreamed that auto-enrollment success message. I'm not seeing
it on my desktop PC, but I connect to the wireless network normally. So
don't look for auto-enrollment success, only failure.
If you're worried about security, you need to do it Owen's way whether you
get the laptops to perform without it or not. Unfortunately, your other
options are WEP (the wi-fi alliance does not even include WEP on their
security page) or WPA with pre-shared key. WPA with pre-shared key is a lot
better than nothing, but the key is available to anyone with access to the
network. With the certificate method, not only can you revoke the
certificate if someone quits or a laptop is stolen, but also, it's two way
authentication. So if someone puts a rogue access point in range of one of
your laptops, the laptop won't authenticate to it.
I don't claim to be a security expert, but I did a mountain of research
before allowing wireless in my office, and IMO WPA with RADIUS (IAS) is the
only method that's secure enough for me to trust.
"Chester" <chester.hull@xxxxxxxxx> wrote in message
news:1155675585.455805.107950@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dave, thanks. The laptop was plugged directly in with a wire, then shut
down, rebooted, and I ran gpupdate /force from a command prompt. I
never got the auto-enrollment message, so maybe something was wrong
with my GPO.
I also see Chris's message below, and I will look into that. I'm
running an Intel Core Duo chip, with built-in WiFi, so maybe there is a
utility for that.
Thanks!
Chester
Dave Nickason [SBS MVP] wrote:
One hint is that the laptops need to be connected to the wired network
when
you install the certificate. You'll get an auto-enrollment message when
the
GPO installs the certificate, so watch for that as an indication that the
laptop has the necessary group policies (including auto-enrollment).
Owen wrote that doc with great attention to detail, so the closer you
follow
it, the less likely you are to have issues. If you do run into anything
while configuring it, feel free to post back. I did the wireless
configuration for security reasons, but I've been very happy with the
results in peformance and reliability as well. It's well worth doing.
"Chester" <chester.hull@xxxxxxxxx> wrote in message
news:1155611275.770763.298340@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dave Nickason [SBS MVP] wrote:
I'm not sure why the laptops wouldn't boot, but I suspect you may be
on
track with what you're thinking. I'd guess that something is trying
to
connect to a resource it's not authenticated for.
If you set up your wireless securely with certificates on the laptops,
the
computers will be able to authenticate to the network as soon as they
get
the wireless connection. In your current situation (I'm guessing),
there's
no authentication until the user logs in.
If you configure the wireless this way, you'll have a wireless
experience
that's very similar to wired (login scripts run, drives map, etc.).
Here's
how you do it, in a step-by-step article from SBS MVP Owen Williams.
http://home.comcast.net/~clearviewtc/
Dave, you're on the track that I'm thinking. And thanks for the link.
My initial try at that configuration failed. Everything seemed to go
ok, except the laptop got hung with about half of the GP on it.
(incidentally, the Windows Mobile 2003 phones that sync to the server
also stopped. Probably would have just had to install the Cert on them,
or something). Anyway, after the inital foray into this, I ran out of
time, and ended up undoing the GPO, Radius server settings, and rolling
back. Going to have another shot at it soon.
But yes, the problem is, the Wifi doesn't connect until the user is
logged in. Which means that no logon scripts will run.
So I think you've got me on the right track here. Thanks! I'll keep at
it!
Chester
"Chester" <chester.hull@xxxxxxxxx> wrote in message
news:1155566608.868882.201320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hello, We enabled My Documents redirection on the network, and the
wired computers work fine with it, but the laptops connecting over
WiFi
fail to boot. They simply hang in the Applying Settings stage.
When we wire those same laptops into the network, they will boot
fine,
but then if we shut down, and try to reboot again on the wireless,
we
get the same problem.
I'm assuming this is because the WiFi connection is not connected
yet
in the boot process when the laptop is looking for the My Documents
folder.
How can we get around this, or how can we accomplish what we are
trying
to do?
The end goal is to have the two users in our office that use both a
laptop and a desktop have their documents available on either
computer.
Should we use My Documents redirection, Roaming Profiles, or
something
else to accomplish this?
Also, the laptops are used off the network, so they would need
offline
access to the files.
Thanks!
Chester
.
- References:
- My Documents Redirection with Laptop using WiFi
- From: Chester
- Re: My Documents Redirection with Laptop using WiFi
- From: Dave Nickason [SBS MVP]
- Re: My Documents Redirection with Laptop using WiFi
- From: Chester
- Re: My Documents Redirection with Laptop using WiFi
- From: Dave Nickason [SBS MVP]
- Re: My Documents Redirection with Laptop using WiFi
- From: Chester
- My Documents Redirection with Laptop using WiFi
- Prev by Date: Re: SBS with 2003 standard at branch office
- Next by Date: Re: Remote Web Workplace connectivity - but not for all client computers
- Previous by thread: Re: My Documents Redirection with Laptop using WiFi
- Next by thread: Re: My Documents Redirection with Laptop using WiFi
- Index(es):
Relevant Pages
|
