Wireless logon to domain

the_technocratthe_technocrat IC-MotY1Indy
edited November 2006 in Science & Tech
I know someone has gone through this before...

here's the deal. I work for an association of schools. The schools have wireless access with WEP encryption (I know...). We also have a cart of laptops that can go to classrooms to provide a mobile lab. Here is the problem:

1. laptops go to room
2. laptops are turned on
3. logon screen appears
4. user logs on
5. wireless connection is established

You can see where the problem is here... The users (students) who have never logged into a laptop before can't log on to that particular laptop, because they don't have their credentials cached on that machine. I can plug the laptops in, have them log on, log off, unplug and get it to work...but for a thousand students times each laptop, this isn't a solution...

I need the following:

1. laptops go to room
2. laptops are turned on
3. wireless connection is established and group policies are applied
4. logon screen appears
5. user logs on

I've done some reseach on google, etc. and have tried a few things, but it still isn't working. Here are the settings I'm working with now. If someone can tell me how to get the machines to connect to the network and run their machine group policies (attach to network printers, etc.) *before* the user logs in, I would be very grateful. I'm not too bad with network administration, but I don't consider myself an expert by any means...

One other thing to note is that when I log on as the local machine admin (not an option to give the password to the students...) the laptops connect to our wireless network automatically. I was able to go here and post this without having to manually connect to the network...

Laptops
- set to use the windows wireless zero configuration service
- only one wireless network is listed in the 'preferred networks' list (ours):

"association" tab
- network authentication is set to 'open'
- data encryption is set to 'WEP'
- network key is properly typed and stored
- key index is set to '1'
- 'the key is provided for me automatically' is not checked

"authentication" tab
- 'enable IEEE 802.1x ...' is checked, and EAP is set to 'smart card or other cert'
- 'authenticate as computer when computer info is avail' is checked
- 'authenticate as guest' is not checked

"connection" tab
- 'connect when this network is in range' is checked


Group Policy
- I have created a group policy and assigned it to the "Laptop Cart" OU. The only thing it does is to disable Fast logon

(Computer Config > Admin Templates > System > Logon - set 'always wait for the network at computer startup and logon' to Enabled'. I even enforced the GPO on the Laptop OU to make sure another GPO wasn't disabling it, but no change)

Comments

  • the_technocratthe_technocrat IC-MotY1 Indy
    edited October 2006
    Just FYI, these are Dell Inspiron 6000's with Dell Wireless 1370 WLAN Mini-PCI cards

    edit: apparently these are broadcom cards. I know the intel cards have the ability to check a box that says 'connect to network at boot', but does anyone know how to get a broadcom card to do this?
  • the_technocratthe_technocrat IC-MotY1 Indy
    edited October 2006
    tried making a startup script to start wireless zero service at boot...didn't work...
  • ShortyShorty Manchester, UK
    edited October 2006
    Interesting conundrum you have there. I have a friend who does alot of this kinda thing. Il drop him an email for suggestions :)
  • the_technocratthe_technocrat IC-MotY1 Indy
    edited October 2006
    ok, figured it out.

    Broadcom\Dell WLAN cards don't naturally support this type of thing. HOWEVER - Dell offers it's own Intel PRO/set-type tool. It's downloadable from dell.com/support.

    Something to note - if you get a dell laptop with an internal wireless card, it has the dell wireless config utility installed, but not set as the default. It lets windows manage the wireless connection with the wireless zero configuration service.

    Sometimes the WZC service would connect before logon, sometimes it doesn't. So you want to use the utility dell has for its wireless cards instead. HOWEVER - dell laptops come with the standard installation of dell's wireless config utility. On some of my laptops, they DID NOT install the additional parts of the program that allow for connection to the WLAN before logon. Some had it, some didn't. YMMV. It's a checkbox on the bottom of the config screen that says 'connect before logon' (or something like that)

    I downloaded the dell wireless config utility that was appropriate for each one of my models of laptop, and re-installed it, choosing to do the 'custom' install instead of the defaults. You then have to choose to install the 'single-sign-on tools', and choose to install the 'connect before logon' module.

    After that, I popped open the dell config, set it up to connect to our WLAN before logon, disabled the WZC service in services.msc (or msconfig) and everything is cool.
  • the_technocratthe_technocrat IC-MotY1 Indy
    edited October 2006
    Also note that a few laptops we have with PCMCIA wireless card didn't have this issue. I'm guessing that these cards manage the connection themselves, and attempt to do so as soon as they're powered on. (at POST) by the time the logon screen got there, they had been connected for a while and were ready.


    I also left the GPO in place (minus the startup script) so that the laptops will not show the logon screen until they are connected to the network. I don't want some speedy kid to think they have a problem because they were able to type in their password before the laptop was fully connected. This also avoids issues when their credentials are cached and they are able to log in without network access, and consequently don't get their printers, mapped drives, etc.


    As an added bonus, I've noticed that the utilities by Intel and Dell are much better at maintaining the wireless connection than the WZ service. I used to have the laptops drop every half hour or so with the WZ service...YMMV...
  • ThraxThrax Professional Shill, Watch Slut, Mumble Hivemind Drone Austin, TX
    edited October 2006
    As an added bonus, I've noticed that the utilities by Intel and Dell are much better at maintaining the wireless connection than the WZ service. I used to have the laptops drop every half hour or so with the WZ service...YMMV...


    http://www.wired.com/news/technology/0,1282,63705,00.html
  • the_technocratthe_technocrat IC-MotY1 Indy
    edited October 2006
    Thrax wrote:

    yup!

    btw, 30 laptops using Dell or Intel's wireless management apps = no problems at all

    compare this to extreme frustration with WinXP's WZC.

    My policy from now on is to use anything but the WZC on all production machines, end of story!!
  • mtroxmtrox Minnesota
    edited November 2006
    Nice work Techno, and Thrax I read your link. Hadn't heard that one but I sure notice my wireless dropping several times a week for no reason at all. I'm going to switch over to the ThinkPad utility and see if that makes a difference.
  • the_technocratthe_technocrat IC-MotY1 Indy
    edited November 2006
    mtrox wrote:
    Nice work Techno, and Thrax I read your link. Hadn't heard that one but I sure notice my wireless dropping several times a week for no reason at all. I'm going to switch over to the ThinkPad utility and see if that makes a difference.

    let us know how it goes. I can confirm that the dell and intel utilities are working flawlessly here, I'd be interested to see how IBM's (or Lenovo's ) works out...
  • mtroxmtrox Minnesota
    edited November 2006
    let us know how it goes. I can confirm that the dell and intel utilities are working flawlessly here, I'd be interested to see how IBM's (or Lenovo's ) works out...

    So far so good....I've resisted as ThinkPad's utility is so F
    g complicated. Took me a while to get connected. This better be more stable or I'm going back to WZC. I would NEVER be able to walk one of my users through connecting to a hotel with this thing.
  • the_technocratthe_technocrat IC-MotY1 Indy
    edited November 2006
    mtrox wrote:
    So far so good....I've resisted as ThinkPad's utility is so F
    g complicated. Took me a while to get connected. This better be more stable or I'm going back to WZC. I would NEVER be able to walk one of my users through connecting to a hotel with this thing.

    It's got to be an Intel-based wireless card if it has the centrino trademark on it (like most thinkpads do, I think)... Maybe you can figure out what the Intel # of the card is from the device manager and d/l a copy of Intel's PRO/set utility from intel...?
  • mtroxmtrox Minnesota
    edited November 2006
    Pentium M, but not Centrino. The MiniPCI wireless is Atheros. I've come this far, I'm going to see how IBM's thing works just out of curiosity. I may have to go back to WZC just so I can do one of those phone calls with a client who can't connect on his Dell.

    I'm in the habit of deleting those manufacturer utilities so all users are on WZC and I can walk them through connecting wherever they are.
  • the_technocratthe_technocrat IC-MotY1 Indy
    edited November 2006
    mtrox wrote:
    Pentium M, but not Centrino. The MiniPCI wireless is Atheros. I've come this far, I'm going to see how IBM's thing works just out of curiosity. I may have to go back to WZC just so I can do one of those phone calls with a client who can't connect on his Dell.

    Darn. :)
    mtrox wrote:
    I'm in the habit of deleting those manufacturer utilities so all users are on WZC and I can walk them through connecting wherever they are.

    I was too. After many complaints about a perfectly-operating WLAN (it was reall the WNIC's), I changed my tune. Good luck, let us know if you still get the droppage.
  • mtroxmtrox Minnesota
    edited November 2006
    Good luck, let us know if you still get the droppage.

    I think you're on to something Techno. I've been living on the IBM wireless utility for almost two weeks now, no dropping. I've also got WZC disabled. I took a quick look and net is I'm using less RAM too.

    Oh, and the IBM utility would also solve your original problem...there is a switch to allow wireless at Windows logon.
  • the_technocratthe_technocrat IC-MotY1 Indy
    edited November 2006
    Looks like the bottom line is that WZC is terrible... I'm sure some people do just fine with it, but across vendors like Dell (Boradcom, Intel) and IBM (Intel, Atheros), it seems that you can't go wrong with ditching WZC.

    The only complaint seems to be that some manufacturers don't put much thought into their WLAN config tools, whichis probably why people go for WZC anyway... too bad...
  • QCHQCH Ancient Guru Chicago Area - USA
    edited November 2006
    I can verify that Techno's results are correct. It's a pain but it works.
Sign In or Register to comment.