Define 802.1X authentication for wireless networks on a client computer
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To define 802.1X authentication for wireless networks on a client computer
Right-click the wireless network connection icon in the notification area, and then click View Available Wireless Networks. For more information, see Notes.
Under Related Tasks, click Change the order of preferred networks.
On the Wireless Networks tab, under Preferred networks, click the wireless network connection for which you want to configure 802.1X authentication, and then click Properties.
On the Authentication tab, do one of the following:
To enable IEEE 802.1X authentication for this connection, select the Enable IEEE 802.1x authentication for this network check box. This check box is selected by default.
To disable IEEE 802.1X authentication for this connection, clear the Enable IEEE 802.1x authentication for this network check box.
In EAP type, click the Extensible Authentication Protocol (EAP) type to be used with this connection.
If you select Smart Card or other Certificate in EAP type, click Properties and, in Smart Card or other Certificate Properties, do the following:
To use the certificate that resides on your smart card for authentication, click Use my smart card.
To use the certificate that resides in the certificate store on your computer for authentication, click Use a certificate on this computer, and then specify whether to use simple certificate selection.
To verify that the server certificate presented to your computer is still valid, select the Validate server certificate check box, specify the server or servers to which your computer will automatically connect, and then specify the trusted root certification authorities.
To view detailed information about the selected root certification authority, click View Certificate.
To use a different user name when the user name in the smart card or certificate is not the same as the user name in the domain to which you are logging on, select the Use a different user name for the connection check box.
If you select Protected EAP (PEAP) in EAP type, click Properties, and then do the following:
To verify that the server certificate presented to your computer is still valid, select the Validate server certificate check box, specify the server or servers to which your computer will automatically connect, and then specify the trusted root certification authorities.
In Select Authentication Method, click the authentication method that you want to use within PEAP, and then click Configure.
If you select Secured password (EAP-MSCHAP v2), then, in EAP MSCHAP v2 Properties, specify whether to use the user name and password (and domain, if applicable) that you type in the Windows logon screen for authentication, click OK, and then click OK again.
If you select Smart Card or other certificate, then, in Smart Card or other Certificate Properties, configure the settings as needed by following the instructions in step 6, click OK, and then click OK again.
On the Authentication tab, do the following:
To specify that the computer attempt authentication to the network if a user is not logged on, select the Authenticate as computer when computer information is available check box. This check box is selected by default.
To specify that the computer attempt authentication to the network if user information or computer information is not available, select the Authenticate as guest when user or computer information is unavailable check box.
Important
It is highly recommended that you use 802.1X authentication whenever you connect to an 802.11 wireless network. 802.1X is an IEEE standard that enhances security and deployment by providing support for centralized user identification, authentication, dynamic key management, and accounting. For more information, see Related Topics.
For enhanced security, in Windows XP Service Pack 1 and in the Windows Server 2003 family, 802.1X authentication is available only for access point (infrastructure) networks that require the use of a network key (WEP). WEP provides data confidentiality by encrypting the data that is sent between wireless clients and wireless access points. For additional information about security for wireless networks, see Related Topics.
If you attempt to connect to a computer-to-computer network or an access point network that does not require the use of a network key, the settings in the Authentication tab are not available, and you cannot configure 802.1X authentication for the connection.
Notes
Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.
tok:wirelessicon
When an error is detected that might limit or prevent a connection to a wireless network, the wireless warning icon is displayed in the notification area.
To open Network Connections, click Start, click Control Panel, and then double-click Network Connections.
To define 802.1X authentication, you must select an existing wireless network connection, or you must add a new wireless network connection. For information about how to add a new wireless network connection, see Related Topics.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
See Also
Concepts
Show a network connection icon in the notification area
Add, edit, or remove wireless network connections on a client computer
Configuring wireless network settings on client computers
Connect to an available wireless network
Understanding 802.1X authentication for wireless networks
Security information for wireless networks
Wireless networking overview