Udostępnij za pośrednictwem


What's New in 802.1X Authenticated Wired Access

 

Applies To: Windows 8.1, Windows Server 2012 R2

This topic provides information about the new features for 802.1X Authenticated Wired Access in Windows Server 2012 R2 and Windows 8.1.

What's New in 802.1X Authenticated Wired Access in Windows Server 2012 R2

The following section describes a new feature for this release.

Extending the use of passwords for Enterprise wired Ethernet access

If you have deployed password-based 802.1X authentication methods for wired and wireless connections through Ethernet switches and wireless access points, users with non-domain joined computers and devices that are running Windows 8.1 and Windows Server 2012 R2 can bring their own devices to your organization and enjoy the advantages of password-based credential reuse.

When password-based Extensible Authentication Protocol (EAP) and Protected EAP (PEAP) authentication methods are deployed, end users can provide their credentials the first time they connect to your organization’s network, then connect to all the resources they want to without being prompted repeatedly for their credentials, because the credentials are stored on the local computer for reuse.

This is especially useful for users who are connecting to multiple network resources, such as Enterprise intranet Web sites, Enterprise printers, and line of business applications.

For security reasons, when the user’s computer or device disconnects from the network, the stored credentials are discarded.

This feature is available for non-domain joined computers and devices that are running Windows 8.1 and Windows Server 2012 R2 when you have deployed the following authentication methods on your network.

  • EAP with Microsoft Challenge Handshake Protocol version 2 (EAP-MS-CHAP v2)

  • PEAP-EAP-MS-CHAP v2

  • EAP-TTLS with EAP-MS-CHAP v2

In Windows 8.1 and Windows Server 2012 R2, this feature is enabled by default. You can use the following registry key to disable or re-enable user password storing if you have previously disabled it:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Configuration

Name  

Type

Default

Exists by default

DisableUsrPwdStoring

DWORD (1 or 0)

0 (false)

No

When this registry key is set to 1 (true), EAP methods do not store any credential information in Credential Manager.

See also