Differences

This shows you the differences between two versions of the page.

--- microsoft:windows_server:wireless_access_deployment [2020/12/09 15:18] – hvillanueva
+++ microsoft:windows_server:wireless_access_deployment [2020/12/09 15:28] – hvillanueva
@@ Line 264: / Line 264: @@
 In the next section you can order the policy profiles for optimum security.
+==== Set the Preference Order for Wireless Connection Profiles ====
+You can use this procedure if you have created multiple wireless profiles in your wireless network policy and you want to order the profiles for optimal effectiveness and security.
+To ensure that wireless clients connect with the highest level of security that they can support, place your most restrictive policies at the top of the list.
+For example, if you have two profiles, one for clients that support WPA2 and one for clients that support WPA, place the WPA2 profile higher on the list. This ensures that the clients that support WPA2 will use that method for the connection rather than the less secure WPA.
+This procedure provides the steps to specify the order in which wireless connection profiles are used to connect domain member wireless clients to wireless networks.
+Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.
+=== To set the preference order for wireless connection profiles ===
+. In GPME, in the wireless network properties dialog box for the policy that you just configured, click the General tab.
+. On the General tab, in Connect to available networks in the order of profiles listed below, select the profile that you want to move in the list, and then click either the "up arrow" button or “down arrow” button to move the profile to the desired location in the list.
+. Repeat step 2 for each profile that you want to move in the list.
+. Click OK to save all changes.
+In the following section, you can define network permissions for the wireless policy.
+==== Define Network Permissions ====
+You can configure settings on the Network Permissions tab for the domain members to which Wireless Network (IEEE 802.11) Policies apply.
+You can only apply the following settings for wireless networks that are not configured on the General tab in the Wireless Network Policy Properties page:
+  * Allow or deny connections to specific wireless networks that you specify by network type and Service Set Identifier (SSID)
+  * Allow or deny connections to ad hoc networks
+  * Allow or deny connections to infrastructure networks
+  * Allow or deny users to view network types (ad hoc or infrastructure) to which they are denied access
+  * Allow or deny users to create a profile that applies to all users
+  * Users can only connect to allowed networks by using Group Policy profiles
+Membership in Domain Admins, or equivalent, is the minimum required to complete these procedures.
+==== To allow or deny connections to specific wireless networks ====
+. In GPME, in the wireless network properties dialog box, click the Network Permissions tab.
+. On the Network Permissions tab, click Add. The New Permissions Entry dialog box opens.
+. In the New Permission Entry dialog box, in the Network Name (SSID) field, type the network SSID of the network for which you want to define permissions.
+. In Network Type, select Infrastructure or Ad hoc.
+{{:microsoft:windows_server:wireless_access_deployment_11_-_hvillanueva.jpg?600|}}
+. In Permission, select Allow or Deny.
+. Click OK, to return to the Network Permissions tab.
+==== To specify additional network permissions (Optional) ====
+. On the Network Permissions tab, configure any or all of the following:
+  * To deny your domain members access to ad hoc networks, select Prevent connections to ad-hoc networks.
+  * To deny your domain members access to infrastructure networks, select Prevent connections to infrastructure networks.
+  * To allow your domain members to view network types (ad hoc or infrastructure) to which they are denied access, select Allow user to view denied networks.
+  * To allow users to create profiles that apply to all users, select Allow everyone to create all user profiles.
+  * To specify that your users can only connect to allowed networks by using Group Policy profiles, select Only use Group Policy profiles for allowed networks.
+===== Configure your NPSs =====
+Follow these steps to configure NPSs to perform 802.1X authentication for wireless access:
+  * ItemRegister NPS in Active Directory Domain Services
+  * Configure a Wireless AP as an NPS RADIUS Client
+  * Create NPS Policies for 802.1X Wireless using a Wizard
+==== Register NPS in Active Directory Domain Services ====
+You can use this procedure to register a server running Network Policy Server (NPS) in Active Directory Domain Services (AD DS) in the domain where the NPS is a member. For NPSs to be granted permission to read the dial-in properties of user accounts during the authorization process, each NPS must be registered in AD DS. Registering an NPS adds the server to the RAS and IAS Servers security group in AD DS.
+{{:microsoft:windows_server:wireless_access_deployment_12_-_hvillanueva.jpg?600|}}
+Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.
+=== To register an NPS in its default domain ===
+On your NPS, in Server Manager, click Tools, and then click Network Policy Server. The NPS snap-in opens.
+Right-click NPS (Local), and then click Register Server in Active Directory. The Network Policy Server dialog box opens.
+In Network Policy Server, click OK, and then click OK again.