Creating Wireless GPO Setting

I found this nice blog by Darren Mar-Elia regarding an issue with editing wireless GPO settings from a Windows XP SP2 machine. I thought it was interesting enough to share, so here is my interpretation of it.

If you may recall, Windows Server 2003 has added quite a few good GPO settings, some of which only work on Windows XP and above, and some require XP SP2 and above. One of the nicest security settings is the ability to create a wireless settings GPO that will require your client computers to connect only to a predefined set of wireless networks, and to require various security settings such as the type of wireless network access, level of encryption, method of authentication and more.

Daniel’s recommendations

If you are looking to really master Active Directory (or other Networking skills), I strongly recommend that you try Train Signal. I’ve discovered this company a few months ago and I always send people their way because the training is so good. You can see more HERE.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

Daniel Petri

When creating and editing these wireless GPO settings you need to first have a Windows Server 2003 Domain. This is because of various additions to the AD Schema that the first Windows Server 2003 DC introduces (read Windows 2003 ADPrep). After you have a Windows Server 2003 Domain in place, you will need to create a new GPO or edit an existing GPO and add the wireless settings to it. BTW, if you plan to create and edit these WiFi settings from a Windows XP machine and not from your DC you will need to read Working with Wireless GPO Settings from XP SP2.

In order to create Wireless GPO you will need to perform the following steps:

  1. Create a new GPO or edit an existing one. The best tool for creating, linking and editing GPOs in the Group Policy Management Console (or GPMC). You can install GPMC on any Windows Server 2003 or Windows XP Pro computer. Read Download GPMC for more info. The following screenshot is of a new GPO creation with GPMC:

Note: Where you should create and link this GPO to in your AD structure is beyond the scope of this article, just note that linking it to an OU will effect all the computers within that OU. If you link it to the domain, it will effect all the computers in the domain.

  1. Edit the GPO you’ve selected, and expand Computer Configuration > Security Settings. You’ll notice a node called Wireless Network (IEEE 802.11) Policies.

  2. Right-click Wireless Network (IEEE 802.11) Policies and select Create Wireless Network Policy,

  1. In the Wireless Network Policy window click Next.

  1. In the Name box type a descriptive name for the new policy. Click Next.

  1. In the final window make sure Edit Properties is selected, and click Finish.

  1. In the Wireless Policy Properties window on the General tab you can change the policy’s name, the refresh interval (by default – 180 minutes), the ability to force the client computers to only connect to infrastructure devices (versus the ability to connect to any available device, including Ad-Hoc networks), and the option to force the default Windows client WiFi tool (versus other 3rd-party tools such as the excellent Intel PROSet/Wireless client).

  1. On the Preferred Networks tab you can add a list of the preferred WiFi networks that the clients are allowed to connect to. The client will only connect to these networks as long as it has had the Wireless GPO applied to it.

When you click on Add you can enter the Wireless’s network Name (SSID), just make sure you type it exactly as it is broadcast by the Wireless Access Point. You can also configure the level of authentication and encryption of the preferred network.

On the IEEE 802.1X tab of the New Preferred Setting Properties window you can configure the desired authentication method required by the Wireless network you’re connecting to.

When finished click Ok.

  1. When you’re done, close the GPO editor tool.

Although limited in scope, these settings can be used to configure the basic settings for the client computer.


Define Active Directory-based Wireless Network Policies

What Is Wireless Network Policies Extension?

Related Topics:

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: