Configure 802.1X Wireless Access Clients by using Group Policy Management

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

You can use the procedures in this section to configure Wireless Network (IEEE 802.11) Policies for client computers running Windows® 7, Windows Vista®, and Windows XP with Service Pack 3 (SP3) that connect to your wireless network by using 802.1X-capable wireless access points (APs).

By default, you can use the two wireless Group Policy Management extensions — Windows Vista New Wireless Network (IEEE 802.11) Policies and Wireless XP Network (IEEE 802.11) Policies — to configure the following 802.1X authentication:

  • Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), for authentication using smart cards or other certificates.

  • Protected EAP-TLS (PEAP–TLS), for authentication using smart cards or other certificates.

  • PEAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2), for authentication using secure passwords.

You can configure computers running Windows 7, and Windows Vista by using the New Wireless Network Policy. You can use the New XP Wireless Policy to configure computers running Windows XP. Because there are separate policies for configuring computers running Windows XP and for computers running Windows Vista and later versions of Windows, the procedures to configure 802.1X authentication for 802.1X wireless access clients by using Group Policy Management are separated into two sections:

Membership in Domain Admins , or equivalent, is the minimum required to complete this procedure.


For information about activating or opening the Wireless Network (IEEE 802.11) Policies, see Access Group Policy Extensions for 802.1X Wired and Wireless.