Wired 802.1x

Greetings.

I have been researching this for some time and have not come up with a
solution.
Basically, I would like to configure the interface Authentication settings
across all clients to use PEAP, along with some other related adjustments.

After downloading and installing Windows 2003 SP1, it appears that Microsoft
has really missed the boat on this. WHY would they include new GPO-based
features for wireless but not wired interfaces???

Does anyone know of a tool/script that configures Authentication settings of
an interface?

Thanks

- Lee

Yes, Microsoft screwed this up. You cannot configure wired 802.1x properties
with group policy, or script, or any tool. Only manually, using GUI.

We should stay tuned for the OS feature packs, I guess.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Lee" <(E-Mail Removed)> wrote in message
news:BA5A5DA7-DDBC-42CE-99E9-(E-Mail Removed)...
> Greetings.
>
> I have been researching this for some time and have not come up with a
> solution.
> Basically, I would like to configure the interface Authentication settings
> across all clients to use PEAP, along with some other related adjustments.
>
> After downloading and installing Windows 2003 SP1, it appears that
Microsoft
> has really missed the boat on this. WHY would they include new GPO-based
> features for wireless but not wired interfaces???
>
> Does anyone know of a tool/script that configures Authentication settings
of
> an interface?
>
> Thanks
>
> - Lee

We didn't miss the boat...

802.1x is not the answer here: IPsec transport mode is. IPsec works fine
*with* 802.1x, but 802.1x will not provide end to end protection of
anything.

IPsec will provide authentication, nonrepudiation, and confidentiality.

When you look at the majority of threats that these 2 technologies are
designed to protect an enterprise from, IPsec is the hands-down winner.



"Lee" <(E-Mail Removed)> wrote in message
news:BA5A5DA7-DDBC-42CE-99E9-(E-Mail Removed)...
> Greetings.
>
> I have been researching this for some time and have not come up with a
> solution.
> Basically, I would like to configure the interface Authentication settings
> across all clients to use PEAP, along with some other related adjustments.
>
> After downloading and installing Windows 2003 SP1, it appears that
> Microsoft
> has really missed the boat on this. WHY would they include new GPO-based
> features for wireless but not wired interfaces???
>
> Does anyone know of a tool/script that configures Authentication settings
> of
> an interface?
>
> Thanks
>
> - Lee

"Steve Clark [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We didn't miss the boat...
>
> 802.1x is not the answer here: IPsec transport mode is. IPsec works fine
> *with* 802.1x, but 802.1x will not provide end to end protection of
> anything.
>
> IPsec will provide authentication, nonrepudiation, and confidentiality.
>
> When you look at the majority of threats that these 2 technologies are
> designed to protect an enterprise from, IPsec is the hands-down winner.
>



There you go.
So much for the customer is always right.


--
Pete
"Any color you want as long as it's black."


>
> "Lee" <(E-Mail Removed)> wrote in message
> news:BA5A5DA7-DDBC-42CE-99E9-(E-Mail Removed)...
> > Greetings.
> >
> > I have been researching this for some time and have not come up with a
> > solution.
> > Basically, I would like to configure the interface Authentication
settings
> > across all clients to use PEAP, along with some other related
adjustments.
> >
> > After downloading and installing Windows 2003 SP1, it appears that
> > Microsoft
> > has really missed the boat on this. WHY would they include new
GPO-based
> > features for wireless but not wired interfaces???
> >
> > Does anyone know of a tool/script that configures Authentication
settings
> > of
> > an interface?
> >
> > Thanks
> >
> > - Lee
>
>

Do you understand the fundamental differences between these two
technologies?

I'm not being argumentative, I'm trying to determine how best to demonstrate
where we counter threats....

Do you realize 802.1x has a fundamental problem with the way it
authenticates? When it was created years ago, it was all about wired
security. It was ported to wireless because it filled a particular gap that
exists. Now some are using it in a "wired" scenario.

What I'm saying is that IPsec is far more powerful than 802.1x ever thought
about being when it comes to protecting traffic on a per-packet basis.
802.1x is the equivalent of asking hosts to play nice on the network. IPsec
*forces* hosts to play nice on the network (if they want to talk to hosts
secured with it).




"Pete" <Pete@pete> wrote in message
news:(E-Mail Removed)...
>
> "Steve Clark [MSFT]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> We didn't miss the boat...
>>
>> 802.1x is not the answer here: IPsec transport mode is. IPsec works
>> fine
>> *with* 802.1x, but 802.1x will not provide end to end protection of
>> anything.
>>
>> IPsec will provide authentication, nonrepudiation, and confidentiality.
>>
>> When you look at the majority of threats that these 2 technologies are
>> designed to protect an enterprise from, IPsec is the hands-down winner.
>>
>
>
>
> There you go.
> So much for the customer is always right.
>
>
> --
> Pete
> "Any color you want as long as it's black."
>
>
>>
>> "Lee" <(E-Mail Removed)> wrote in message
>> news:BA5A5DA7-DDBC-42CE-99E9-(E-Mail Removed)...
>> > Greetings.
>> >
>> > I have been researching this for some time and have not come up with a
>> > solution.
>> > Basically, I would like to configure the interface Authentication
> settings
>> > across all clients to use PEAP, along with some other related
> adjustments.
>> >
>> > After downloading and installing Windows 2003 SP1, it appears that
>> > Microsoft
>> > has really missed the boat on this. WHY would they include new
> GPO-based
>> > features for wireless but not wired interfaces???
>> >
>> > Does anyone know of a tool/script that configures Authentication
> settings
>> > of
>> > an interface?
>> >
>> > Thanks
>> >
>> > - Lee
>>
>>
>
>