Wireless Access

Reply
MVP
Posts: 1,412
Registered: ‎11-30-2011

Win7 and WPA2-Enterprise SSID

got a customer who is 100% sure they didn't have to setup their WPA2-Enterprise SSIDs on Windows 7 manually in the past and the configuration wasn't done with a group policy either. does anyone here made that work once?

 

my experience with Windows 7 is that i really have to create a new wireless network in Windows 7 and set the correct settings (certificate CA, ...,) myself. if i just click the SSID from the list then Windows 7 won't connect, and won't put it in the list of SSIDs for me to edit later on.

 

does anyone have another way to handle this (expect for group policies, which are of course the best way, but i just want to know if i ever missed something).

Guru Elite
Posts: 8,337
Registered: ‎09-08-2010

Re: Win7 and WPA2-Enterprise SSID

If you want the user to manually enter credentials instead of automatically using the Windows logon credentials or machine credentials, you will have to manually configure the client, use Group Policy to push out the config, or use a supplicant configuration tool such as ClearPass QuickConnect or Eduroam SU1X.

 

In terms of the certificate, Windows 7 will usually prompt the user to accept the presented server cert.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Win7 and WPA2-Enterprise SSID


boneyard wrote:

got a customer who is 100% sure they didn't have to setup their WPA2-Enterprise SSIDs on Windows 7 manually in the past and the configuration wasn't done with a group policy either. does anyone here made that work once?

 

my experience with Windows 7 is that i really have to create a new wireless network in Windows 7 and set the correct settings (certificate CA, ...,) myself. if i just click the SSID from the list then Windows 7 won't connect, and won't put it in the list of SSIDs for me to edit later on.

 

does anyone have another way to handle this (expect for group policies, which are of course the best way, but i just want to know if i ever missed something).


With Windows 7, if you are using an AD enterprise CA that issued the server certficate, if you just click on the SSID it will authenticate automatically and not require you to set anything up.  Unfortunately, it will default to machine only authentication.

 

So the short answer, is YES, if the cert situation is setup properly, you just click and it will take the machine credentials and submit them.  By default, unfortunately, it takes the machine credentials even when the user is logged in.  That is probably the biggest reason why you need to set it up with group policy to submit user and computer credentials.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: