[Dshield] Wireless MAC Authentication options.
John B. Holmblad
jholmblad at aol.com
Mon Aug 29 16:59:56 GMT 2005
I have put in a query to Microsoft about your point re NAP vs NAC as it
relates to 802.1x. For others on this list who might be interested here
are the urls to a) a white paper from Microsoft on what they are up to
with Network Access Protection and how it has evolved from Network
Quarantine and b) some FAQ on the subject:
Also, I did some checking of Group Policy supprort for certificate based
authentication with 802.1x by opening up a pre-defined GP Object called
"Small Business Server Client Computer"
on Windows 2003 Small Business Server and, under the container path
Computer Configuration=>Administrative Templates=>Network=>Network
there is a GP object entitled:
"IEEE 802.1x Certificate Authority for Machine Authentication"
The text associated with the explanation of this object is as follows:
If you want to use IEEE 802.1x machine authentication, configure
If you enable this setting, it configures the Certificate Authority
to be used on the client for authentication.
To allow successful authentication, enable this setting and indicate
the thumbprint or hash for your Certificate Authority.
If you disable or do not configure this setting, the Certificate
Authority for IEEE 802.1x machine authentication will not be
configured on your client. This might cause machine authentication
Note: The Certificate Authority that is configured by this setting
only applies to machine authentication, and not to user authentication.
One of the constraints of this GPO however is that it is applicable only to Windows XP and Windows Server 2003 systems, and, apparently, not to W2K Server or Pro.
GSEC Gold,GCWN Gold,GGSC-0100,NSA-IAM
(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388
primary email address: jholmblad at aol.com
backup email address: jholmblad at verizon.net
More information about the list