GPO (abbreviated from the above) is a tool for Windows system administrators that allows centralized management of operating system configuration and running applications on many computers at the same time. In other words, a GPO lets you define rules about what computers and their users are allowed to do. These rules are configured on the server and then, using a special filtering mechanism, sent to the selected computers.
GPO is an essential element of Active Directory, and the two offer the most when used together. You can learn how to configure Active Directory in the NACVIEW system on our website: www.nacview.com/pl (Download > Instructions > Active Directory).
1. On the domain controller, search for and open Group Policy Management.
2. Go to: Group Policy Objects - in order to do this, expand in the domain structure window: Forest > Domains > selected domain or organizational unit.
3. Right-click on the Group Policy Object and select: New.
4. In the window that appears enter a name for your new GPO and click: OK.
5. From the context menu, select Edit… for the new GPO.
6. In this window: Group Policy Management Editor, search for: Services (Computer Configuration > Preferences > Control Panel Settings > Services).
7. From the context menu, select: New and then: Service.
8. Set the parameters as shown on the screen below to configure the automatic launch of the supplicant service on the Windows end-user computers. Leave the Recovery and Common tabs unchanged.
9. Go to the Security Settings (Computer Configuration > Policies > Windows Settings > Security Settings), then right-click on Wired Network (IEEE 802.3) Policies, then select: Create A New Wired Network Policy for Windows Vista and Later Releases.
10. In the window that appears, in the General tab, give this new policy a name.
11. Go to the Security tab now and set the parameters as shown on the screen below.
12. Press the Properties… button and set the parameters according to the following screen and click OK.
13. Click on Advanced… and set the parameters as in the screen below.
14. GPO is ready to use. Close all modal windows by confirming OK.
15. Connect the new GPO to the existing group of objects (computers) to which the new settings are to be applied. To do this, right-click on your given group of objects, and then select Link an Existing GPO… Choose the GPO you have just configured and click: OK.
16. If you want to speed up the replication of the new GPO, run PowerShell with administrator privileges on the server where you set it up and execute the repadmin /syncall command. If the replication is successful, you will see the message "SyncAll terminated with no errors".
17. Now wait for the settings to propagate to all computers in the domain. Once they have, the supplicant on the end devices is configured. For any larger network, you can add more policies in order to allocate all relevant resources based on identity, authorization type, and/or object groups.
18. To successfully authenticate computers and users with NACVIEW based on their certificates, just request (from the workstation) separate certificates for these objects.
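
To confirm on a workstation that the policy from steps 8 to 17 has actually arrived, the check below can be run in an elevated PowerShell session. It is an added example, not part of the original NACVIEW instructions. It assumes the supplicant service from step 8 is Wired AutoConfig (dot3svc); the GPO name is a placeholder for the name you entered in step 4.

```powershell
# Added example: run elevated on a domain-joined workstation.
# Assumption: the supplicant service from step 8 is Wired AutoConfig (dot3svc).
# $GpoName is a placeholder for the name entered in step 4.
param(
    [string]$GpoName     = '<your GPO name>',
    [string]$ServiceName = 'dot3svc'
)

# Pull computer policy now rather than waiting for the background refresh.
gpupdate /target:computer /force | Out-Null

# Service state pushed by the Services preference item (step 8).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this computer." }

# Lines of the computer RSoP that mention the GPO. The name is also listed among
# the filtered-out GPOs when security or WMI filtering denies it, so read the context.
$rsop = gpresult /r /scope computer | Select-String -SimpleMatch $GpoName -Context 3,0

# Wired profiles currently present on each interface (needs the service running).
$profiles = netsh lan show profiles

$report = [pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    ServiceAuto    = ($svc.StartMode -eq 'Auto')
    ServiceRunning = ($svc.State -eq 'Running')
    GpoInRsop      = [bool]$rsop
}
$report | Format-List

if (-not $report.GpoInRsop) {
    Write-Warning "GPO '$GpoName' not in computer RSoP: check the link (step 15) and replication (step 16)."
}
if (-not ($report.ServiceAuto -and $report.ServiceRunning)) {
    Write-Warning "$ServiceName is $($svc.StartMode)/$($svc.State): wired 802.1X authentication will not run."
}

# Raw evidence for manual review.
$rsop
$profiles
```

A workstation that reports all three values as True has received the GPO and has the supplicant service running; the wired profile settings themselves still have to be compared against the values set in steps 11 to 13.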