GPO (Group Policy Object) is a tool for Windows system administrators that allows centralized management of operating system configuration and running applications on multiple computers at the same time. In other words, a GPO lets you define rules governing what computers and their users are able to do. These rules are configured on the server and then, using a special filtering mechanism, sent to the selected computers.
GPO is an essential element of Active Directory, and the two offer the greatest possibilities when used together. You can learn how to configure Active Directory in the NACVIEW system on our website.
1. On the domain controller, search for and open Group Policy Management.
2. Go to: Group Policy Objects - to do this, in the domain structure window, expand: Forest > Domains > selected domain or organizational unit.
3. Right-click on the Group Policy Object and select: New.
4. In the window that appears, enter a name for your new GPO and confirm with OK.
5. From the new GPO context menu select Edit….
6. In the window of Group Policy Management Editor, search for: Services (Computer Configuration > Preferences > Control Panel Settings > Services).
7. From the context menu, select: New and then: Service.
8. Set the parameters as shown below on the screen (service WlanSvc) to configure the automatic launch of the supplicant service on the Windows end-user computers. Leave the Recovery and Common tabs unchanged. Save all with OK.
9. Go to the Security Settings (Computer Configuration > Policies > Security Settings) and right-click on Wireless Network (IEEE 802.11) Policies, then select: Create A New Wireless Network Policy for Windows Vista and Later Releases.
10. In the window that appears, in the General tab, give the new policy a name (e.g. WIRELESS 802.1x).
11. Click on Add… > Infrastructure.
12. In the window that appears (New Profile properties), complete the field Profile Name, e.g. EDUROAM.
13. Go to the Security tab and set the parameters as shown below on the screen.
14. Now click on ***Advanced…*** and set the parameters as shown on the screen below.
15. The GPO is now ready. Close all the open dialog windows by confirming with OK.
16. Connect the new GPO to the existing group of objects (computers) to which the new settings are to be applied. To do this, right-click on your given group of objects, and then select Link an Existing GPO… Select the GPO you have just configured and confirm with OK.
17. To speed up replication of the new GPO, run PowerShell with administrator privileges on the server where you set it up. Enter the repadmin /syncall command and confirm it. If replication is successful, you will see the message ‘SyncAll terminated with no errors’.
18. Wait for the settings to propagate to all computers in the domain. From now on, the supplicant on the end devices is configured. For a larger network you can add more policies to allocate appropriate resources based on identity, authorization type, and/or object groups.
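A PowerShell check for steps 17 and 18, added here as an example and not part of the NACVIEW documentation: the first function confirms replication on the domain controller, the second confirms on a client that WlanSvc and the wireless profile actually arrived. The function names are hypothetical, EDUROAM is the example profile name from step 12, and the netsh match assumes each profile name ends its output line.

```powershell
# Added example, not NACVIEW code. Function names are hypothetical.

function Sync-GpoReplication {
    # Run on the domain controller from an elevated PowerShell session.
    $out = & repadmin /syncall 2>&1 | Out-String
    # Success string quoted in step 17.
    $ok = $out -match 'SyncAll terminated with no errors'
    if (-not $ok) { Write-Warning "Replication reported problems:`n$out" }
    return $ok
}

function Test-SupplicantConfig {
    # Run on a domain-joined client once the GPO is linked to its OU.
    param(
        [string]$ProfileName = 'EDUROAM',   # assumed: example name from step 12
        [switch]$Refresh                    # force a computer policy refresh first
    )
    if ($Refresh) { & gpupdate /target:computer /force | Out-Null }

    # Step 8: WlanSvc must be set to start automatically and be running.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WlanSvc'"
    $svcOk = ($null -ne $svc) -and ($svc.StartMode -eq 'Auto') -and ($svc.State -eq 'Running')

    # Steps 9-14: the profile pushed by the wireless policy must be present.
    # Assumption: netsh prints the profile name at the end of a line.
    $pattern = '(^|:)\s*' + [regex]::Escape($ProfileName) + '\s*$'
    $profileOk = [bool](& netsh wlan show profiles | Select-String -Pattern $pattern)

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        WlanSvcReady   = $svcOk
        ProfilePresent = $profileOk
        Compliant      = $svcOk -and $profileOk
    }
}

# Usage:
#   On the domain controller:  Sync-GpoReplication
#   On a client:               Test-SupplicantConfig -Refresh
```

A client that reports Compliant as False after a refresh usually means the GPO is not linked to the container holding that computer, or a filter excludes it.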