Security

Hi guys,

I'm wondering if anyone knows about a workaround for an issue I stumbled across lately.

I'm currently using EAP-TLS for Windows devices with machine + user authentication on the wired side. All is working well and both certificates are authenticating fine.The Windows authentication profiles are pushed by GPO.

When @ the login prompt, I machine auth successfully and then my problem is when I log in with the local admin account. Since this account is not part of AD, it has no user certificate enrolled. I would expect a method to tell the Windows PC that if no user cert exist in the store, fallback to machine certificate even if a user session is logged in. Since settings are managed by GPO, its greyed out and impossible to modify. Then my only options seems to be either having a generic user cert on a USB stick or use netsh to modify profile with a script and override GPO.

Anyone had this problem and found a setting to overcome it?

Thanks :)

Hi guys,

I'm wondering if anyone knows about a workaround for an issue I stumbled across lately.

I'm currently using EAP-TLS for Windows devices with machine + user authentication on the wired side. All is working well and both certificates are authenticating fine.The Windows authentication profiles are pushed by GPO.

When @ the login prompt, I machine auth successfully and then my problem is when I log in with the local admin account. Since this account is not part of AD, it has no user certificate enrolled. I would expect a method to tell the Windows PC that if no user cert exist in the store, fallback to machine certificate even if a user session is logged in. Since settings are managed by GPO, its greyed out and impossible to modify. Then my only options seems to be either having a generic user cert on a USB stick or use netsh to modify profile with a script and override GPO.

Anyone had this problem and found a setting to overcome it?

Thanks :)

Hi guys,

I'm wondering if anyone knows about a workaround for an issue I stumbled across lately.

I'm currently using EAP-TLS for Windows devices with machine + user authentication on the wired side. All is working well and both certificates are authenticating fine.The Windows authentication profiles are pushed by GPO.

When @ the login prompt, I machine auth successfully and then my problem is when I log in with the local admin account. Since this account is not part of AD, it has no user certificate enrolled. I would expect a method to tell the Windows PC that if no user cert exist in the store, fallback to machine certificate even if a user session is logged in. Since settings are managed by GPO, its greyed out and impossible to modify. Then my only options seems to be either having a generic user cert on a USB stick or use netsh to modify profile with a script and override GPO.

Anyone had this problem and found a setting to overcome it?

Thanks :)

Hi guys,

I'm wondering if anyone knows about a workaround for an issue I stumbled across lately.

I'm currently using EAP-TLS for Windows devices with machine + user authentication on the wired side. All is working well and both certificates are authenticating fine.The Windows authentication profiles are pushed by GPO.

When @ the login prompt, I machine auth successfully and then my problem is when I log in with the local admin account. Since this account is not part of AD, it has no user certificate enrolled. I would expect a method to tell the Windows PC that if no user cert exist in the store, fallback to machine certificate even if a user session is logged in. Since settings are managed by GPO, its greyed out and impossible to modify. Then my only options seems to be either having a generic user cert on a USB stick or use netsh to modify profile with a script and override GPO.

Anyone had this problem and found a setting to overcome it?

Thanks :)

Hi guys,

I'm wondering if anyone knows about a workaround for an issue I stumbled across lately.

I'm currently using EAP-TLS for Windows devices with machine + user authentication on the wired side. All is working well and both certificates are authenticating fine.The Windows authentication profiles are pushed by GPO.

When @ the login prompt, I machine auth successfully and then my problem is when I log in with the local admin account. Since this account is not part of AD, it has no user certificate enrolled. I would expect a method to tell the Windows PC that if no user cert exist in the store, fallback to machine certificate even if a user session is logged in. Since settings are managed by GPO, its greyed out and impossible to modify. Then my only options seems to be either having a generic user cert on a USB stick or use netsh to modify profile with a script and override GPO.

Anyone had this problem and found a setting to overcome it?

Thanks :)

Hi guys,

I'm wondering if anyone knows about a workaround for an issue I stumbled across lately.

I'm currently using EAP-TLS for Windows devices with machine + user authentication on the wired side. All is working well and both certificates are authenticating fine.The Windows authentication profiles are pushed by GPO.

When @ the login prompt, I machine auth successfully and then my problem is when I log in with the local admin account. Since this account is not part of AD, it has no user certificate enrolled. I would expect a method to tell the Windows PC that if no user cert exist in the store, fallback to machine certificate even if a user session is logged in. Since settings are managed by GPO, its greyed out and impossible to modify. Then my only options seems to be either having a generic user cert on a USB stick or use netsh to modify profile with a script and override GPO.

Anyone had this problem and found a setting to overcome it?

Thanks :)