The Cable Guy: Connecting to Wireless Networks with Windows 7
There are a number of ways to hook up to wireless networks with Windows 7 – each has its own set of pros and cons.
The Cable Guy
These days, the wireless world is everywhere. Being able to connect to a network and the web from wherever you are is almost essential. Windows 7 provides a simplified user experience for IEEE 802.11 wireless LAN networks.
Using Windows 7, you can use the following methods to connect to and configure connections to wireless networks, known as wireless profiles:
- Network notification area icon: This is the primary method by which users connect to available wireless networks.
- Set up a connection or network dialog box: This is a method by which users can manually create wireless network profiles.
- Manage Wireless Networks dialog box: This is another method to manually configure wireless networks and specify their detailed settings.
- Group Policy: Network administrators can use Group Policy settings in an Active Directory Domain Services (AD DS) environment to centrally configure and automatically deploy wireless network settings for domain member computers. (See Wireless Group Policy Settings for Windows Vista, the April 2007 The Cable Guy.)
- Command line: Network administrators can use commands in the netsh wlan context of the Netsh.exe tool to manually configure wireless networks and their settings. There are Netsh commands to export an existing wireless profile to an XML file and then import the wireless profile settings stored in the XML file on another computer. (See Netsh Commands for Wireless Local Area Network (WLAN) in Windows Server 2008 R2.)
The following sections describe in detail how to connect to a wireless network using the Network notification area icon and the Set up a connection or network dialog box in Windows 7, how to manage your wireless networks, and how to connect to non-broadcasting wireless networks.
Using the Network Notification Area Icon
To connect to an available wireless network, click the Network icon in the notification area of your desktop. The resulting pane will give you a list of detected wireless networks and, for domain-joined computers, the names of wireless networks configured through Group Policy (see Figure 1)
Figure 1 The list of available networks will look something like this.
From this pane, you can connect to a listed wireless network by double-clicking it, clicking the network and then clicking Connect, or by right-clicking the network and clicking Connect.
To view information for a listed wireless network, place the mouse pointer over the network name. You’ll see the wireless network’s name, signal strength, security type, radio type (802.11b/g/n), and Service Set Identifier (SSID). You can see connected network status and properties of a connected network or a network configured through Group Policy through the wireless network’s context menu (see Figure 2).
To refresh the list of wireless network, click the up/down arrow icon in the upper right of the pane. To disconnect from a connected wireless network, right-click the network and then click Disconnect.
Figure 2 The Wireless Network Connection Status dialog box.
Set up a connection or network dialog box
You can access the Set Up a Connection or Network dialog box in Windows 7 (see Figure 3), by selecting the Set Up a New Connection or Network link in the Network and Sharing center.
Figure 3 The Set Up a Connection or Network dialog box.
To manually create a wireless network profile, click “Manually connect to a wireless network,” and then click Next. You should see Figure 4.
Figure 4 The page that lets you enter information for the wireless network you want to add.
To enter information for the wireless network you want to add, configure the following:
Network name; Type the name of the wireless network.
Security type; Select the method used to authenticate a connection to the wireless network from the following choices:
- No authentication (Open) Open system authentication with no encryption.
- WEPOpen system authentication with Wired Equivalent Privacy (WEP).
- WPA2-Personal Wi-Fi Protected Access 2 (WPA2) with a pre-shared key (also known as a passphrase).
- WPA-Personal Wi-Fi Protected Access (WPA) with a pre-shared key.
- WPA2-Enterprise WPA2 with IEEE 802.1X authentication.
- WPA-Enterprise WPA with IEEE 802.1X authentication.
- 802.1xIEEE 802.1X authentication with WEP (also known as dynamic WEP).
The choices will depend on your wireless network adapter capabilities as reported to Windows. If an authentication type doesn’t appear in the list, ensure that your wireless adapter supports the type and that you’ve installed the latest driver for your adapter that’s compatible with Windows 7.
The shared key authentication method is not listed. Microsoft strongly discourages its use because it provides weak security for your wireless network. To configure shared key authentication, select No authentication (Open) here and then select Shared from the Security tab in the properties of the wireless network (described later in this article).
Encryption type: Select the method used to encrypt data sent over the wireless network. The choices depend on the selected security type.
- When you select the — No authentication (Open) security type, None is selected for you.
- When you select the — WEP security type, WEP is selected for you.
- When you select the — 802.1x security type, WEP is selected for you.
- When you select the — WPA2-Personal, WPA2-Enterprise, WPA-Personal, WPA-Enterprise security types, you can select AES or TKIP.
As before, the encryption choices listed depend on your wireless network adapter capabilities as reported to Windows.
- Security Key: Type the WEP key (if you selected the WEP security type), the WPA preshared key (if you selected the WPA-Personal security type), or the WPA2 preshared key (if you selected the WPA2-Personal security type). For the WPA2-Enterprise, WPA-Enterprise, and 802.1x security types, Windows 7 automatically determines the security key when performing 802.1X-based authentication.
- Hide characters: Specifies whether you want to view the value typed in Security Key.
- Start this connection automatically: Specifies whether Windows 7 will automatically connect to this wireless network. If you clear this checkbox, you must manually connect to the wireless network from the list of networks available from the Network notification area icon.
- Connect even if the network is not broadcasting:Specifies whether Windows should attempt to connect even if the wireless network is not broadcasting its name. This will cause Windows to send Probe Request frames to locate the wireless network. These probe request frames can be used by malicious users to determine the name of the non-broadcast network. For more information about the privacy issues of non-broadcast networks, see Non-broadcast Wireless Networks with Microsoft Windows.
When you click Next, you should see Figure 5.
Figure 5 The Successfully added page.
You can click Change connection settings to access the properties of the wireless network, as described later in this article, or click Close.
The Manage Wireless Networks Dialog Box
You can access the Manage Wireless Networks dialog box from the Manage wireless networks link in the Network and Sharing Center (see Figure 6).
Figure 6 The Manage Wireless Networks dialog box.
Note: If the Manage wireless networks link is not present from the Network and Sharing Center, click the “Change adapter settings” link and ensure that your wireless network adapter is enabled on your laptop or notebook computer, appears in the Network Connections folder as a wireless connection, and is enabled. If your wireless network adapter appears in the Network Connections folder as a wired connection, ensure that you’ve installed the latest driver that’s compatible with Windows 7.
From the Manage Wireless Networks dialog box, you can add a new wireless network, remove a selected wireless network, obtain the properties of the wireless network adapter, and choose the type of profile to assign to new wireless networks (applies to all users or the current user).
To manually add a wireless network, click Add to launch the Manually connect to a wireless network wizard, which will help you create a wireless network profile for either an infrastructure or ad hoc wireless network (see Figure 7).
Figure 7 The “How do you want to add a network?” page.
To create a wireless profile for an infrastructure wireless network, click Manually create a network profile. To create a wireless profile for an ad hoc wireless network, click Create an ad hoc network.
To view or modify the properties of a wireless network in the list, double-click the name in the Manage wireless networks dialog box. Windows 7 displays the dialog box in Figure 8.
Figure 8 The Wireless Network Properties dialog box.
From the Connection tab, you can view the wireless network's name, SSID, network type (either Access point for infrastructure mode networks or Computer-to-computer for ad hoc mode networks), and availability. You can also configure the following:
- Connect automatically when the network is in range
- Connect to a more preferred network if available: Specifies whether Windows 7 will automatically disconnect from this wireless network if a more preferred wireless network comes within range.
- Connect even if the network is not broadcasting its name (SSID)
The Copy this network profile to a USB flash drive link launches the Copy Network Settings wizard, which writes the wireless network profile settings to a USB flash drive. You can then use this flash drive to automate the wireless network profile configuration of other computers. Figure 9 shows the Security tab.
Figure 9 The Security tab of the Wireless Network Properties dialog box.
On the Security tab, you can specify the following security types:
- No authentication (Open)
- Shared or Shared key authentication (The Security tab is the only location where you can configure shared key authentication because its use is highly discouraged.)
Based on the selected security type, you can configure either a network security key or specify and configure a network authentication method. If you specify WPA-Enterprise, WPA2-Enterprise, or 802.1x as your security type, you must configure the following (as shown in the previous figure):
- Choose a network authentication methodSelect an Extensible Authentication Protocol (EAP) method and click Settings to configure the EAP type as needed.
- Remember my credentials for this connection each time I’m logged on: Specifies that when the user logs off, the user credential data is not removed from the registry. If you clear the checkbox, the next time the user logs on, he will be prompted for credentials (such as user name and password).
If you specify the use of WPA-Personal or WPA2-Personal as your security type or No authentication (Open) or Shared as your security type with WEP as your encryption type, you must configure a network security key, as shown in Figure 10.
Figure 10 Example of configuring a network security key.
If you choose the WPA-Enterprise, WPA2-Enterprise, or WPA2-Personal security types, you can also configure advanced settings. Figure 11 shows the Advanced settings dialog box for the WPA2-Enterprise security type.
Figure 11 The 802.1X settings tab.
On the 802.1X settings tab, you can specify the authentication mode (User or computer authentication, Computer authentication, User authentication, or Guest authentication), save a set credentials for user authentication, and delete credentials for all users.
Single sign-on (SSO) lets you configure when 802.1X authentication occurs relative to the user logon and integrate user logon and 802.1X authentication credentials on the Windows logon screen. For more information about SSO settings, see Wireless Group Policy Settings for Windows Vista, the April 2007 The Cable Guy article. Figure 12 shows the 802.11 settings tab.
Figure 12 The 802.11 settings tab.
In the Fast roaming section, you can configure Pairwise Master Key (PMK) caching and pre-authentication options. For more information about fast roaming settings, see Wireless Group Policy Settings for Windows Vista, the April 2007 The Cable Guy article.
Note: When you select the WPA-Enterprise security type, the Advanced settings dialog box does not contain the 802.11 Settings tab.
The Enable Federal Information Processing Standard (FIPS) compliance for this network check box lets you specify whether to perform AES encryption in a FIPS 140-2 certified mode. FIPS 140-2 is a U.S. government computer security standard that specifies design and implementation requirements for cryptographic modules. Windows 7 is FIPS 140-2 certified. When you enable FIPS 140-2 certified mode, Windows 7 performs the AES encryption in software, rather than relying on the wireless network adapter. This check box only appears when you select WPA2-Enterprise or WPA2-Personalas the authentication method on the Security tab.
Non-broadcasting wireless networks
A non-broadcasting wireless network doesn’t advertise its network name, or SSID. You can configure a wireless access point of a non-broadcasting wireless network to send Beacon frames with an SSID set to NULL. A non-broadcasting wireless network is also known as a hidden wireless network.
You can configure wireless networks in Windows 7 as broadcast or non-broadcast. A computer running Windows 7 will attempt to connect to wireless networks in the preferred networks list order, regardless of whether they’re broadcast or non-broadcast. Additionally, non-broadcast networks appear last in the list of available networks with the name Other Network. Figure 13 shows an example.
Figure 13 A non-broadcast wireless network.
When you connect to the Other Network, Windows 7 prompts you to specify the wireless network name (SSID). Figure 14 shows an example.
Figure 14 Typing the name of a non-broadcast wireless network.
Joseph Davies* is a principal technical writer on the Windows networking writing team at Microsoft. He is the author and coauthor of a number of books published by Microsoft Press, including “Windows Server 2008 Networking and Network Access Protection (NAP),” “Understanding IPv6, Second Edition” and “Windows Server 2008 TCP/IP Protocols and Services.*