GPO (Group Policy Object) is a tool for Windows system administrators that allows centralized management of the operating system configuration and of running applications on multiple computers at the same time. In other words, a GPO lets you define rules governing what computers and their users are able to do. These rules are configured on the server and then, using a special filtering mechanism, sent to the selected computers.
GPO is an essential element of Active Directory, and the two together offer the greatest possibilities. You can learn how to configure Active Directory in the NACVIEW system on our website.
1. On the domain controller, search for and open Group Policy Management.
2. Go to the Group Policy Objects. To do this, in the domain structure window, expand: Forest > Domains > selected domain or organizational unit.
3. Right-click on the Group Policy Object and select: New.
4. In the window that appears enter a name for your new GPO and confirm with OK.
5. From the context menu, select Edit… for the new GPO.
6. In the window: Group Policy Management Editor, search for: Services (Computer Configuration > Preferences > Control Panel Settings > Services).
7. From the context menu, select: New and then: Service.
8. Set the parameters as shown on the screen below (service WlanSvc) to configure the automatic launch of the supplicant service on the Windows end-user computers. Leave the Recovery and Common tabs unchanged. Save everything by confirming with OK.
9. Go to the Security Settings (Computer Configuration > Policies > Security Settings), then right-click on Wireless Network (IEEE 802.11) Policies, then select: Create A New Wired Network Policy for Windows Vista and Later Releases.
10. In the window that appears, in the General tab, give this new policy a name (e.g. WIRELESS 802.1x).
11. Click on Add… > Infrastructure.
12. In the displayed window (New Profile properties) complete the Profile Name field, e.g. EDUROAM.
13. Go to the Security tab now and set the parameters as shown on the screen below.
14. Click on Advanced… and set the parameters as shown on the screen below.
15. GPO is ready to use. Close all modal windows by confirming OK.
16. Connect the new GPO to the existing group of objects (computers), to which the new settings are to be applied. To do this, right-click on your given group of objects and then select Link an Existing GPO… Select the GPO you have just configured and click: OK.
17. If you want to speed up replication of the new GPO, open PowerShell with administrator privileges on the server where you set it up, then enter the command repadmin /syncall and confirm it. If replication is successful, you will see a message saying: "SyncAll terminated with no errors".
18. Now wait for the settings to propagate to all computers in the domain. Once they have, the supplicant on the end devices is configured. For any larger network, you can add more policies in order to allocate all relevant resources based on identity, authorization type, and/or object groups.
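After step 18, one way to confirm on a client that the policy has arrived, as an added PowerShell example that is not part of the original guide. The GPO name is a hypothetical placeholder, EDUROAM is the example profile name from step 12, and the parsing assumes English-language gpresult and netsh output.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell
# session on a domain-joined client that has a wireless adapter.
$GpoName     = 'NACVIEW-Wireless-8021x'  # hypothetical: the name you chose in step 4
$ProfileName = 'EDUROAM'                 # example profile name from step 12

# Return the indented items listed under a section header in gpresult/netsh output.
function Get-ListedItems([string[]]$Lines, [string]$Header) {
    $on = $false; $seen = $false
    foreach ($l in $Lines) {
        $t = $l.Trim()
        if ($t -like "$Header*") { $on = $true; $seen = $false; continue }
        if (-not $on -or $t -match '^-+$') { continue }      # skip underline rows
        if ($t -eq '') { if ($seen) { $on = $false }; continue }  # blank line ends a list
        $seen = $true
        $t
    }
}

# Pull computer policy now instead of waiting for the background refresh.
gpupdate /target:computer /force | Out-Null

$checks = [ordered]@{}

# Step 8: the supplicant service must start automatically and be running.
$svc = Get-CimInstance Win32_Service -Filter "Name='WlanSvc'"
$checks['WlanSvc startup type is Automatic'] = ($svc.StartMode -eq 'Auto')
$checks['WlanSvc is running']                = ($svc.State -eq 'Running')

# Step 16: the GPO must be in the applied list, not in the filtered-out list.
$applied = Get-ListedItems (gpresult /r /scope computer) 'Applied Group Policy Objects'
$checks["GPO '$GpoName' is applied"] = ($applied -contains $GpoName)

# Steps 9-14: the profile must be delivered by policy, not created by a user.
$gpProfiles = Get-ListedItems (netsh wlan show profiles) 'Group policy profiles'
$checks["Profile '$ProfileName' comes from Group Policy"] = ($gpProfiles -contains $ProfileName)

foreach ($c in $checks.GetEnumerator()) {
    $state = if ($c.Value) { 'OK  ' } else { 'FAIL' }
    Write-Output "[$state] $($c.Key)"
}
if ($checks.Values -contains $false) { exit 1 }
```

A profile that shows up only under "User profiles" in the netsh output was created locally and is not enforced by the GPO, which is why the script checks the Group Policy section specifically.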