«

I have a Wireless AP with WPA enabled connected to my LAN and a handful of
Windows XP SP2 laptops that relay on this connection. My question is, at
what point is the wireless connection to the LAN/Domain established? Will a
laptop that is being powered up receive Computer Policies? Will a User
Policies apply?

Thanks -

Sean

Hi

Wireless is a "simple" replacement to wire.

Once the connection is made, every thing else that is Network related
applies the same to wired computer or Wireless.

Jack (MVP-Networking).





"HelpPls" <> wrote in message
news:#...
> I have a Wireless AP with WPA enabled connected to my LAN and a handful of
> Windows XP SP2 laptops that relay on this connection. My question is, at
> what point is the wireless connection to the LAN/Domain established? Will
a
> laptop that is being powered up receive Computer Policies? Will a User
> Policies apply?
>
> Thanks -
>
> Sean
>
>

If you are using WPA-PSK then the connection is likely always available.
However... there are some vendors who's hardware doesn't connect until a
user is logged in. This is rare.

Additionally, it you are using IAS (RADIUS) to authenticate the WPA
connection, remote access policy will determine whether or not access is
granted. When the PC boots, it will try to authenticate using the domain
machine account, once a seer logs in, the OS reauthenticates in the user's
context. This means that you need to make sure that your computer accounts
are added to the security group that allows for wireless access. If the PC
doesn't meet the remote access policy req. then the machine part of the GPO
will not be applied until the GPO refresh (default 8 hours) , assuming that
the user is still logged in.

To be sure of the behavior, take the time to disable your windows firewall
and boot a machine and ping it. If you get no response, you know that
either the machine was not granted access or that they Wireless NIC hasn't
associated yet. The IAS logs will be pretty clear as to the state of the
connection.

I recommend http://www.deepsoftware.ru/iasviewer/ to make easy work of
understanding the logs. It's free to try and cheap if you like it.

Hope that helps,


--
Mark Gamache
Certified Security Solutions


"HelpPls" <> wrote in message
news:%...
>I have a Wireless AP with WPA enabled connected to my LAN and a handful of
>Windows XP SP2 laptops that relay on this connection. My question is, at
>what point is the wireless connection to the LAN/Domain established? Will
>a laptop that is being powered up receive Computer Policies? Will a User
>Policies apply?
>
> Thanks -
>
> Sean
>

No, it does not work so "simply."

There is considerable configuration required for wireless networks to behave
exactly like wired networks. You need 802.1X at a minimum, but WPA is better.
You need hardware that supports these protocols. You need the necessary infrastructure
bits -- certificates (at least one), a RADIUS server (good for if you've
got 20 or more clients so that you can rely on EAP for key management), and
Windows XP on your clients. It's all fairly straightforward to set up (I
did it in three hours a couple years ago for a customer when it was all still
new and not well documented), but it's far from a "simple" replacement of
a wire with the air.

http://www.microsoft.com/wifi has some links to good guidance.

Steve Riley




> Hi
>
> Wireless is a "simple" replacement to wire.
>
> Once the connection is made, every thing else that is Network related
> applies the same to wired computer or Wireless.
>
> Jack (MVP-Networking).
>
> "HelpPls" <> wrote in message
> news:#...
>> I have a Wireless AP with WPA enabled connected to my LAN and a
>> handful of Windows XP SP2 laptops that relay on this connection. My
>> question is, at what point is the wireless connection to the
>> LAN/Domain established? Will
>>
> a
>
>> laptop that is being powered up receive Computer Policies? Will a
>> User Policies apply?
>>
>> Thanks -
>>
>> Sean
>>