Wireless logon to domain
the_technocrat
IC-MotY1Indy Icrontian
I know someone has gone through this before...
here's the deal. I work for an association of schools. The schools have wireless access with WEP encryption (I know...). We also have a cart of laptops that can go to classrooms to provide a mobile lab. Here is the problem:
1. laptops go to room
2. laptops are turned on
3. logon screen appears
4. user logs on
5. wireless connection is established
You can see where the problem is here... The users (students) who have never logged into a laptop before can't log on to that particular laptop, because they don't have their credentials cached on that machine. I can plug the laptops in, have them log on, log off, unplug and get it to work...but for a thousand students times each laptop, this isn't a solution...
I need the following:
1. laptops go to room
2. laptops are turned on
3. wireless connection is established and group policies are applied
4. logon screen appears
5. user logs on
I've done some reseach on google, etc. and have tried a few things, but it still isn't working. Here are the settings I'm working with now. If someone can tell me how to get the machines to connect to the network and run their machine group policies (attach to network printers, etc.) *before* the user logs in, I would be very grateful. I'm not too bad with network administration, but I don't consider myself an expert by any means...
One other thing to note is that when I log on as the local machine admin (not an option to give the password to the students...) the laptops connect to our wireless network automatically. I was able to go here and post this without having to manually connect to the network...
Laptops
- set to use the windows wireless zero configuration service
- only one wireless network is listed in the 'preferred networks' list (ours):
"association" tab
- network authentication is set to 'open'
- data encryption is set to 'WEP'
- network key is properly typed and stored
- key index is set to '1'
- 'the key is provided for me automatically' is not checked
"authentication" tab
- 'enable IEEE 802.1x ...' is checked, and EAP is set to 'smart card or other cert'
- 'authenticate as computer when computer info is avail' is checked
- 'authenticate as guest' is not checked
"connection" tab
- 'connect when this network is in range' is checked
Group Policy
- I have created a group policy and assigned it to the "Laptop Cart" OU. The only thing it does is to disable Fast logon
(Computer Config > Admin Templates > System > Logon - set 'always wait for the network at computer startup and logon' to Enabled'. I even enforced the GPO on the Laptop OU to make sure another GPO wasn't disabling it, but no change)
here's the deal. I work for an association of schools. The schools have wireless access with WEP encryption (I know...). We also have a cart of laptops that can go to classrooms to provide a mobile lab. Here is the problem:
1. laptops go to room
2. laptops are turned on
3. logon screen appears
4. user logs on
5. wireless connection is established
You can see where the problem is here... The users (students) who have never logged into a laptop before can't log on to that particular laptop, because they don't have their credentials cached on that machine. I can plug the laptops in, have them log on, log off, unplug and get it to work...but for a thousand students times each laptop, this isn't a solution...
I need the following:
1. laptops go to room
2. laptops are turned on
3. wireless connection is established and group policies are applied
4. logon screen appears
5. user logs on
I've done some reseach on google, etc. and have tried a few things, but it still isn't working. Here are the settings I'm working with now. If someone can tell me how to get the machines to connect to the network and run their machine group policies (attach to network printers, etc.) *before* the user logs in, I would be very grateful. I'm not too bad with network administration, but I don't consider myself an expert by any means...
One other thing to note is that when I log on as the local machine admin (not an option to give the password to the students...) the laptops connect to our wireless network automatically. I was able to go here and post this without having to manually connect to the network...
Laptops
- set to use the windows wireless zero configuration service
- only one wireless network is listed in the 'preferred networks' list (ours):
"association" tab
- network authentication is set to 'open'
- data encryption is set to 'WEP'
- network key is properly typed and stored
- key index is set to '1'
- 'the key is provided for me automatically' is not checked
"authentication" tab
- 'enable IEEE 802.1x ...' is checked, and EAP is set to 'smart card or other cert'
- 'authenticate as computer when computer info is avail' is checked
- 'authenticate as guest' is not checked
"connection" tab
- 'connect when this network is in range' is checked
Group Policy
- I have created a group policy and assigned it to the "Laptop Cart" OU. The only thing it does is to disable Fast logon
(Computer Config > Admin Templates > System > Logon - set 'always wait for the network at computer startup and logon' to Enabled'. I even enforced the GPO on the Laptop OU to make sure another GPO wasn't disabling it, but no change)
0
Comments
edit: apparently these are broadcom cards. I know the intel cards have the ability to check a box that says 'connect to network at boot', but does anyone know how to get a broadcom card to do this?
Broadcom\Dell WLAN cards don't naturally support this type of thing. HOWEVER - Dell offers it's own Intel PRO/set-type tool. It's downloadable from dell.com/support.
Something to note - if you get a dell laptop with an internal wireless card, it has the dell wireless config utility installed, but not set as the default. It lets windows manage the wireless connection with the wireless zero configuration service.
Sometimes the WZC service would connect before logon, sometimes it doesn't. So you want to use the utility dell has for its wireless cards instead. HOWEVER - dell laptops come with the standard installation of dell's wireless config utility. On some of my laptops, they DID NOT install the additional parts of the program that allow for connection to the WLAN before logon. Some had it, some didn't. YMMV. It's a checkbox on the bottom of the config screen that says 'connect before logon' (or something like that)
I downloaded the dell wireless config utility that was appropriate for each one of my models of laptop, and re-installed it, choosing to do the 'custom' install instead of the defaults. You then have to choose to install the 'single-sign-on tools', and choose to install the 'connect before logon' module.
After that, I popped open the dell config, set it up to connect to our WLAN before logon, disabled the WZC service in services.msc (or msconfig) and everything is cool.
I also left the GPO in place (minus the startup script) so that the laptops will not show the logon screen until they are connected to the network. I don't want some speedy kid to think they have a problem because they were able to type in their password before the laptop was fully connected. This also avoids issues when their credentials are cached and they are able to log in without network access, and consequently don't get their printers, mapped drives, etc.
As an added bonus, I've noticed that the utilities by Intel and Dell are much better at maintaining the wireless connection than the WZ service. I used to have the laptops drop every half hour or so with the WZ service...YMMV...
http://www.wired.com/news/technology/0,1282,63705,00.html
yup!
btw, 30 laptops using Dell or Intel's wireless management apps = no problems at all
compare this to extreme frustration with WinXP's WZC.
My policy from now on is to use anything but the WZC on all production machines, end of story!!
let us know how it goes. I can confirm that the dell and intel utilities are working flawlessly here, I'd be interested to see how IBM's (or Lenovo's ) works out...
So far so good....I've resisted as ThinkPad's utility is so F
g complicated. Took me a while to get connected. This better be more stable or I'm going back to WZC. I would NEVER be able to walk one of my users through connecting to a hotel with this thing.
It's got to be an Intel-based wireless card if it has the centrino trademark on it (like most thinkpads do, I think)... Maybe you can figure out what the Intel # of the card is from the device manager and d/l a copy of Intel's PRO/set utility from intel...?
I'm in the habit of deleting those manufacturer utilities so all users are on WZC and I can walk them through connecting wherever they are.
Darn.
I was too. After many complaints about a perfectly-operating WLAN (it was reall the WNIC's), I changed my tune. Good luck, let us know if you still get the droppage.
I think you're on to something Techno. I've been living on the IBM wireless utility for almost two weeks now, no dropping. I've also got WZC disabled. I took a quick look and net is I'm using less RAM too.
Oh, and the IBM utility would also solve your original problem...there is a switch to allow wireless at Windows logon.
The only complaint seems to be that some manufacturers don't put much thought into their WLAN config tools, whichis probably why people go for WZC anyway... too bad...