Don't cache PEAP authentication information on Win XP SP2

Discussion in 'Wireless Networking' started by Guest, Aug 12, 2005.

  1. Guest


    Does anyone know how to disable a Windows XP SP2 box from caching the user
    id and pw when you log into a wireless provider that is using PEAP? I want to
    force each user to use their own user id and pw when they access the wireless
    network.

    I found a solution that I can do, but I don't want my users poking around
    the registry.... I found the registry key that stores the information and
    have successfully deleted it to force the input of the credentials the next
    time that the wireless network is accessed. However, it just re-creates the
    registry key.... Back to square 1.

    Does anyone have a solution for this??

    Mike
     
    Guest, Aug 12, 2005
    #1

  2. The credentials are cached because each time you roam you would need to
    MANUALLY reenter the credentials. I've seen several wireless drivers
    spontaneously roam when more than one access point is in range. Some of
    these devices will roam 4 or more times per minute without even moving the
    laptop an inch in any direction.

    Multiple users sharing a Windows logon session is patently unsecure. Your
    network users should have a separate logon for each session on the local
    computer. When one user finishes, they log off, and then the next user
    logs on. If you have deployed Active Directory in your enterprise, then you
    can even use the AD user credentials for automatic authentication skipping
    the prompts altogether.

    Is there a special reason why your clients must deviate from this model?
     
    Jerry Peterson[MSFT], Aug 18, 2005
    #2

  3. Guest


    We are deploying 10 laptops into 10 cars for about 40 users that are in a
    different car every day. There is no network to authenticate to, other than
    the wireless routers for internet access. I just don't want to create that
    many user accounts on each laptop if I don't have to.

    The laptops are basically used to create Word and Excel documents on. We
    are in a university setting and our private network is completely standalone
    from the university's. Thus connection through the wireless router to our
    network is not possible. My users are just wanting to access the network
    resources so that they may use a web browser to e-mail the documents to their
    supervisors rather than using the issued thumb drives to take it to the
    supervisor.

    My superiors want each person to have to authenticate to the router so that
    their web usage can be more easily tracked through the university IT
    department if needed.

    Mike
     
    Guest, Aug 18, 2005
    #3
  4. Active Directory users would be the simplest way to implement this. Set up a
    separate domain for your private network. Write a quick script to create
    all 40 users in Active Directory and join each laptop to the domain. You
    already have a RADIUS server in place, so more than likely the domain
    controller is already in place. If that is the case, this would take just a
    few minutes to set up.

    This would satisfy your per user tracking requirements. You wouldn't have
    to create a new user on each laptop. Authentication permissions could be
    centralized at the domain level. Further, you could use domain policy to
    enable per user configurations and applications. This would also be far
    more secure than the current model.
     
    Jerry Peterson[MSFT], Aug 18, 2005
    #4
  5. Guest


    Is there a solution for this? I see you found an answer for his specific
    problem, but didn't really answer the question.
    I want to be able to disable the password caching for testing. Is there any
    way to do this?

    Thanks,
    --Vasu.
     
    Guest, Nov 4, 2005
    #5
