I quote from the "Microsoft Windows Small Business Server 2003 Administrators Companion" book:

"Although PEAP provides great wireless security and is easier to implement than EAP-TLS authentication, there are two significant drawbacks. The first is that you won't be able to remotely administer wireless clients unless someone's logged on. The second is that Group Policy Computer Configuration won't work."

Based on my own experience of using PEAP-based wireless networks, I would disagree with both of the above statements.

1. When a computer on the network starts up, the computer account authenticates. This is confirmed by the following:

i) An event appears in the event log stating that the computer account has authenticated.
ii) I can access the computer via Computer Management from the server.
iii) There is an option in the configuration that states to "Authenticate as computer when computer information is available".
iv) When a user logs on, another event occurs stating the user has been given access. When the user logs off, the computer again authenticates.
v) The computer account is denied access unless Dial-In access is granted according to the Remote Access Policy.

2. I can only assume the statement about Group Policy Computer Configuration not working is because of the first point that, according to the book, the computer does not have network access until a user logs on. Thus, no access, how can Group Policy be applied?

I am surprised to read this because without the computer obtaining network access the whole process of domain access, DNS registration, roaming profiles etc. will not work unless network access is obtained prior to logon.

These statements are based on experience gained from using Cisco Aironet Access Points, Windows 2003 Small Business Server, both Verisign and Microsoft Certificates and Windows XP Desktops using the WZC service.

Can anyone shed some light on this?

Kevin

Kevin Lancaster