How can I enable domain authentication over wireless in Windows 7/2k8?


Solution 1

Try this (on the client computer):

  1. Login locally using a user with administrator privileges.

  2. Connect to your office's wireless network, save the credentials, and then make sure you check the "Connect automatically" checkbox.

  3. Open a command prompt window and type the following command to find the profile name of your wireless network:

    netsh wlan show profiles

  4. Let's say the profile to use in the example is "office-network". Open regedit and look for the key HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  5. Create a new String Value (REG_SZ) at that location, name it anything you want (e.g. WIFI_Connect), and enter the following command string: %comspec% /c netsh wlan connect name="<profile name>" where profile name in our example would be "office-network".

  6. Reboot the laptop for this to take effect.

  7. If it still doesn't work or fails to connect to your office network at pre-logon, try enabling the following Local Group Policy (using gpedit.msc): Computer Configuration\Policies\Administrative templates\System\Logon\Always wait for the network at computer startup and logon. A full description of what this policy does is present on the dialog when you edit it. (It's too long to paste here).

  8. If it still says it cannot find a valid domain, it could be a DNS issue. Make sure that the wireless router providing you the connection is set up to provide the proper DNS servers over DHCP, and that the domain can be resolved with them.

If none of that works, I don't know what is wrong, but it's nothing obvious. Every KB I've read so far points to this solution, and it seems to work well for others.
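
Steps 3 to 5 as a script, added here as an example and not part of the original answer. It assumes an elevated PowerShell prompt and reuses the answer's example names `office-network` and `WIFI_Connect`; the check on the profile name is an added precaution, because the string is placed in a command line that runs at every logon.

```powershell
# Added example: steps 3-5 of the answer above, run from an elevated prompt.
$ProfileName = 'office-network'   # example profile name from step 4
$ValueName   = 'WIFI_Connect'     # example value name from step 5
$RunKey      = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Step 3: collect saved profile names from the "label : value" lines.
# Section headers end in ':' with nothing after it, so they do not match.
$saved = netsh wlan show profiles |
    ForEach-Object { if ($_ -match ':\s+(\S.*?)\s*$') { $Matches[1] } } |
    Where-Object { $_ -ne '<None>' }

if ($saved -notcontains $ProfileName) {
    throw "No saved WLAN profile named '$ProfileName'. Found: $($saved -join ', ')"
}

# The name ends up inside a cmd.exe command line executed at logon, so
# refuse characters that cmd.exe would interpret as syntax.
if ($ProfileName -match '["&|<>^%]') {
    throw "Profile name '$ProfileName' is not safe to embed in a cmd.exe command line."
}

# Step 5: create the REG_SZ value (-Force overwrites a value of the same name).
$command = '%comspec% /c netsh wlan connect name="{0}"' -f $ProfileName
New-ItemProperty -Path $RunKey -Name $ValueName -Value $command `
    -PropertyType String -Force | Out-Null

# Read back every value under the Run key so the new entry can be reviewed
# next to whatever else already starts from this location.
Get-ItemProperty -Path $RunKey |
    Select-Object -Property * -ExcludeProperty PS* |
    Format-List
```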

Solution 2

I've set up this exact scenario except I do not use any 3rd party wireless utilities such as the Dell one, I simply let Windows do its thing.

I set this up on 7 but should be the same for Vista and actually XP. Since I hate doing things redundantly and repetitively, I simply use the GPO Computer Config > Policies > Windows Settings > Security Settings > Wireless Network (IEEE 802.11) Policies. You can create a Vista+ and XP policy in there that gets the job done.

It's also a good idea to enable "Always wait for the network at computer start-up and logon" (Computer Config > Policies > Administrative Templates > System/Logon).

When the SSID is in range, the machine will connect to it using the credentials supplied at logon (SSO), connect then auth. Also, if the credentials supplied do not allow the machine to connect, I have it set so the user can be prompted to enter credentials again for wireless (not necessary with SSO but in some cases it's useful).

Here are some screenshots from my setup: http://www.reborndigital.com/pubfiles/wifi_gp_ss/

Hope that helps!
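
A way to check what such a policy actually delivered to a client, added here as an example and not part of the original answer. It reads the 802.1X authentication mode and single sign-on settings from a WLAN profile exported with `netsh wlan export profile`; the embedded XML is a constructed, trimmed sample, and the function name is hypothetical.

```powershell
# Added example. Real input would come from:
#   netsh wlan export profile name="office-network" folder="$env:TEMP"
#   [xml](Get-Content "$env:TEMP\<interface>-office-network.xml")
# Constructed sample profile (trimmed: SSIDConfig and EAPConfig omitted).
[xml]$sample = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>office-network</name>
  <connectionMode>auto</connectionMode>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2</authentication>
        <encryption>AES</encryption>
        <useOneX>true</useOneX>
      </authEncryption>
      <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
        <authMode>machineOrUser</authMode>
        <singleSignOn>
          <type>preLogon</type>
          <maxDelay>10</maxDelay>
          <allowAdditionalDialogs>true</allowAdditionalDialogs>
        </singleSignOn>
      </OneX>
    </security>
  </MSM>
</WLANProfile>
'@

function Get-WlanOneXSummary([xml]$Xml) {
    # local-name() keeps the XPath independent of the WLAN and OneX namespaces.
    function Read-Node($path) {
        $steps = $path -split '/' | ForEach-Object { "*[local-name()='$_']" }
        $node  = $Xml.SelectSingleNode('//' + ($steps -join '/'))
        if ($node) { $node.InnerText }
    }
    New-Object PSObject -Property @{
        Profile           = Read-Node 'WLANProfile/name'
        ConnectionMode    = Read-Node 'WLANProfile/connectionMode'
        UseOneX           = Read-Node 'authEncryption/useOneX'
        AuthMode          = Read-Node 'OneX/authMode'
        SsoType           = Read-Node 'singleSignOn/type'
        AllowExtraDialogs = Read-Node 'singleSignOn/allowAdditionalDialogs'
    }
}

$summary = Get-WlanOneXSummary $sample
$summary | Format-List
if ($summary.SsoType -ne 'preLogon') {
    Write-Warning 'Profile does not connect before user logon (no pre-logon SSO).'
}
```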


Iszi
Author by

Iszi


Updated on September 18, 2022

Comments

  • Iszi
    Iszi over 1 year

    I've got several domain-member laptops which commonly roam to places where there aren't any network ports available. Occasionally, during these times, the laptop may be used by someone who has not logged into it previously - therefore, they cannot rely on cached credentials to allow them onto the system.

    We also have a fairly ubiquitous wireless network that allows us to connect using our domain accounts for 802.1X authentication. Under this configuration, the Dell WLAN Card Utility has a feature which allows the system to connect to the wireless network at logon (after the user has entered their credentials) prior to attempting authentication to the domain for local system access.

    Here's the option in the configuration screen:

    enter image description here

    Here's the feature in action, just after submitting user credentials at the login screen. This occurs before allowing the user local access to the system. The computer initializes the wireless adapter, searches for the wireless network, authenticates to the wireless network (presumably with the supplied user credentials), grabs an IP address, and then searches for a Domain Controller. Once the Domain Controller is found, the user (if authenticated) is then logged in to the local system.

    enter image description here

    The above screenshots are from Server 2003, but I'm upgrading the laptops to Server 2008 and would rather not install the vendor-specific utility if it is not needed. Is this a feature that is built-in to newer versions of Windows? If so, how do I enable it without having to use the vendor-specific configuration utility? Could the configuration be pushed through a GPO?

  • Iszi
    Iszi about 12 years
    I'm not sure "computer-only authentication" is appropriate here. Though I'm not very familiar with what our RADIUS servers allow regarding this, I'm fairly certain we still need the user credentials to connect. Also, please provide actual content with your answer - not just a headline and link.
  • raja
    raja about 12 years
    @Iszi so you don't want computer authentication but you do want user authentication?
  • Iszi
    Iszi about 12 years
    @JimB I'm not sure what the computer authentication situation is here in terms of the wireless network, so I'd like to presume we can only authenticate users.
  • Yanick Girouard
    Yanick Girouard about 12 years
    The link is all the meat I have short of transcribing the article literally. What "meat" do you want exactly? It's pretty straight forward from what I can tell.
  • raja
    raja about 12 years
    I think the article explains the differences pretty well - is there a part in the article you are confused about?
  • Iszi
    Iszi about 12 years
    No matter. Tried and failed.
  • Iszi
    Iszi about 12 years
    The article explains the differences just fine. However, I believe that the "computer-only authentication" is something that has to be supported by the RADIUS server. For example, I cannot connect to the wireless network when I am logged in with a local account unless I provide my domain credentials. If computer-only authentication was allowed by the network, wouldn't this be possible? Or, is this possibly because it is disabled by default on the client side?
  • Iszi
    Iszi about 12 years
    I just checked the configuration per the directions in your linked article. The current authmode is "machineOrUser". Therefore, if I'm reading the descriptions correctly, it is not a matter of setting the system to computer-only authentication because it should already be attempting computer authentication when the user is not logged in. The problem (regardless of whether computer authentication will work or not) is getting the system to join the wireless network before trying to log the user in locally, so that the computer can bounce the user's credentials off the domain controller.
  • Yanick Girouard
    Yanick Girouard about 12 years
    Apparently the site I linked to is in maintenance now, but the KB was precisely to do what you wanted. What part is not working for you exactly?
  • Yanick Girouard
    Yanick Girouard about 12 years
    I've edited my answer to transcribe all the details of the KB I had linked, and more... I would appreciate if you could upvote to remove the negative votes, as this was a valid answer. You didn't need to vote it down just because it didn't work the first time for you.
  • Shadow00Caster
    Shadow00Caster about 12 years
    This is indeed a valid answer, I have used this method before -- there are just better, more efficient ways of doing this.
  • Iszi
    Iszi about 12 years
    I've still got some problems with this, in regards to Steps 7 & 8. I still need the systems to be able to allow login when the DC is unreachable. Will this policy prevent that (reading it on an XP system, it doesn't say)? Also, the description says that this is the default behavior for servers. So, that's not my issue. DNS is also not the problem, since the feature works when using the WLAN card vendor's software.
  • Yanick Girouard
    Yanick Girouard about 12 years
    I've re-read the description several times and it says it is NOT enabled by default. "By default, on client computers, Group Policy processing is not synchronous; client computers typically do not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available.". Did I miss something? Note: This has to be changed on the client computer, not the server.
  • Yanick Girouard
    Yanick Girouard about 12 years
    I believe it also means that it will not log you on with cached credentials automatically, but will check to see if there's a network connection first, and then apply the GPOs. It doesn't say it will wait forever for it and prevent you from logging in if the network is not available. I guess you'd have to test it to be 100% sure though.
  • Iszi
    Iszi about 12 years
    Okay, perhaps I should be more clear: I am doing this on a server OS. I have laptops running Server 2008 that need to do this. This is spelled out in my question also. (P.S.: Removed down-vote, since the question does now have some useful information other than just a hyperlink. Thanks.)
  • Yanick Girouard
    Yanick Girouard about 12 years
    Ohhhhh! This was not clear enough I guess. I just noticed that you wrote you're upgrading your laptops to Windows Server 2008. It's a little unusual to say the least.
  • Iszi
    Iszi about 12 years
    @YanickGirouard Your confusion is understandable. I'd love to run these on Windows 7, but the software that we need on them requires a Server OS and some other services that just aren't meant to be run on anything less. (P.S. Substitute "answer" for "question" in my previous P.S.)
  • Iszi
    Iszi about 12 years
    I haven't gotten to test any of this, but I'm curious as to how much of these settings are actually required for my desired functionality, and how much of it is specific to your own network's configuration and/or administrative preferences? I'm especially interested in clarification of screenshots 24 & 25. If you could give more specifics about this, and perhaps include inline screenshots of the absolutely necessary configurations, that would be wonderful. It would also help the answer survive if your screenshot links ever die. Thanks again for the information!