Deploy Wireless Network with Group Policy
Steps to deploy Wireless Network with Group Policy for EAP-PEAP & EAP-TLS
Users will need to enter their Domain Credential to connect to the WIFI Network
Create a New Wireless Network Policy for Windows Vista and Later Releases under Computer Configuration – Windows Settings – Security Settings – Wireless Network (IEEE 802.11) Policies
Enter Policy Name, Description and Add – Infrastructure
Enter the SSID Name and click Add
Select the following
- Authentication = WPA2-Enterprise
- Encryption = AES-CCMP
- Network Authentication Method = Microsoft: Protected EAP (PEAP)
- Trusted Root Certificate Authorities – Select Internal CA Root Cert
- Authentication Method = Secured Password (EAP-MSCHAP v2)
- Ensure that Automatically use my Windows Logon Name and Password (and Domain if any) is checked
AES-CCMP. Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) implements the 802.11i standard and is designed for higher security encryption than that provided by WEP, and uses 128 bit AES encryption keys.
AES-GCMP. Galois Counter Mode Protocol (GCMP) is supported by 802.11ac, is more efficient than AES-CCMP and provides better performance for wireless clients. GCMP uses 256 bit AES encryption keys.
Click on Advanced and Enable Single Sign On for this Network with Perform immediately before user logon
User will connect to the configured SSID = LAB automatically when they rebooted their Windows 10 machines with computer policy applied.
Change the following for EAP-TLS Authentication
- Network Authentication Method = Microsoft: Smart Card or Other Certificate
- Authentication Mode = Computer Authentication
- Single Sign On is grey out when computer authentication is selected
Computer is connected to WIFI automatically when GPO applied