I quote from the "Microsoft Windows Small Business Server 2003
Administrators Companion" book:-
"Although PEAP provides great wireless security and is easier to
implement than EAP-TLS authentication, there are two significant
drawbacks. The first is that you won't be able to remotely administer
wireless clients unless someone's logged on. The second is that Group
Policy Computer Configuration won't work."
Based on my own experience of using PEAP based wireless networks, I
would disagree with both of the above statements.
1. When a computer on the network starts up, the computer account
authenticates. This is confirmed by the following;
i) An event appears in the event log stating that the computer account
has authenticated
ii) I can access the computer via Computer Management from the server
iii) There is an option in the configuration that states to
"Authenticate as computer when computer information is available"
iv) When a user logs on, another event occurs stating the user has
been given access. When the user logs off, the computer again
authenticates.
v) The computer account is denied access unless Dial-In access is
granted according to the Remote Access Policy.
2. I can only assume the statement about Group Policy Computer
Configuration not working is because of the first point that,
according to the book, the computer does not have network access until
a user logs on. Thus, no access, how can Group Policy be applied?
I am surprised to read this because without the computer obtaining
network access the whole process of domain access, DNS registration,
roaming profiles etc will not work unless network access is obtained
prior to logon.
These statements are based on experience gained from using Cisco
Aironet Access Points, Windows 2003 Small Business Server, Both
Verisign and Microsoft Certificates and Windows XP Desktops using the
WZC service.
Can anyone shed some light on this?
Kevin
|
Similar Threads
Linear Mode
