TEAP GPO on Windows 10

Andrea Gaviraghi 106 Reputation points
2023-07-02T17:25:12.1633333+00:00

Hello everyone,

Let me explain my issue.

I configured a GPO to apply 802.3x "settings" (Computer Configuration, Policies, Windows Settings, Security Settings, Wired Network (IEEE 802.3) Policies with "Microsoft: EAP-TEAP" as a Network Authentication method:

Image

Long story short: Windows 11 applies the GPO but Windows 10 fails.

Long story short: Windows 11 applies the GPO but Windows 10 fails.

I also created a LAB: same results.

I tried with both 20H1 (first windows 10 version to support TEAP) and 22H2 versions and I get the same behavior.

Basically on a W11 client everything works and by looking at settings everything is configured as per GPO ("this settings is managed by your administrator"):

Image

Image

On a W10 client the GPO seems to be completely ignored: also Network Authentication revert to "Microsoft: PEAP (Protecetd EAP)":
Image

The strange thing is that this only occurs if I select a Root Certificate in the "TEAP Properties" window (see above) and if I select "Microsoft EAP: TEAP" as Network Authentication method: if I don't select any Root Certificate in the "TEAP Properites" window the GPO is also applied to Windows 10.

Please notes that I have a standalone Offline root CA and an Enterprise Issuing CA (2-tier PKI hierarchy) but even if I select a public Root Certificate (ie Entrust) I get the same.

Any help would be much appreciated.

Thank you very much.

Andrea

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,599 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,367 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,954 questions
{count} votes

6 answers

Sort by: Most helpful
  1. Limitless Technology 44,421 Reputation points
    2023-07-03T12:28:21.7766667+00:00

    Hello there,

    To configure TEAP (Tunneled Extensible Authentication Protocol) settings using Group Policy Objects (GPO) on Windows 10, you can follow these steps:

    Open the Group Policy Management Console:

    Press the Windows key + R, type gpmc.msc, and press Enter.

    Create or edit a Group Policy Object:

    Expand the desired domain, right-click on the Organizational Unit (OU) or the domain, and select "Create a GPO in this domain, and Link it here" or "Edit" if the GPO already exists.

    Navigate to the TEAP settings:

    In the Group Policy Management Editor window, navigate to:

    java

    Copy code

    Computer Configuration > Policies > Windows Settings > Security Settings > Wireless Network (IEEE 802.11) Policies

    Configure TEAP authentication settings:

    Right-click on the "Wireless Network (IEEE 802.11) Policies" node, select "Create A New Wireless Network Policy for Windows Vista and Later Releases," and provide a name for the policy.

    In the "Wireless Network Policy Properties" window, go to the "Security" tab.

    Under "Choose a network authentication method," select "Microsoft: Protected EAP (PEAP)" from the dropdown list.

    Click on the "Settings" button next to "Microsoft: Protected EAP (PEAP)."

    In the "Protected EAP Properties" window, go to the "General" tab.

    Under "Select an authentication method," choose "Microsoft: Secured password (EAP-MSCHAP v2)."

    Click "OK" to close the "Protected EAP Properties" window.

    Configure TEAP Root Certificate (if applicable):

    If you need to specify a Root Certificate for TEAP authentication, go to the "Root certificate" tab in the "Protected EAP Properties" window.

    Click on the "Add" button and select the appropriate Root Certificate from the certificate store.

    Click "OK" to close the "Protected EAP Properties" window.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments

  2. Andrea Gaviraghi 106 Reputation points
    2023-07-03T16:13:24.9733333+00:00

    Hello,

    thanks for your answer, anyway I need to create a policy for Wired networks not Wireless.
    Also, I already created a GPO but I need "Microsoft: EAP-TEAP" ad "Network Authentication method":User's image

    If I do so, the GPO works on Windows 11 clients but not on Windows 10 clients.
    This is the issue I'm facing and I'm experiencing the same issue on a newly created clean lab, as already stated.

    Thank you.

    Andrea


  3. Marek-3228 0 Reputation points
    2023-10-26T07:47:17.62+00:00

    Is it possible to set Microsoft:EAP-TEAP using settings in GPO ?

    Which version of Windows Server allows configuration?

    0 comments No comments

  4. Wascar José Reyes de la Cruz 0 Reputation points
    2023-11-02T19:32:44.2866667+00:00

    Hello, we are also having this issue, has anyone resolved it?


  5. JP 15 Reputation points
    2023-12-19T16:06:27.7133333+00:00

    hello

    is it just wireless you are having issues with?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.