Deploying 802.1X on PCs via Group Policy

  • 1
  • 1
  • Question
  • Updated 3 months ago
  • Answered
I realize this is outside the scope of Extreme's product line, but we're currently looking at how to roll out 802.1X configuration to our Windows PCs in the environment. Enabling the Wired AutoConfig service is the easy part, but configuring the authentication parameters on the PCs NICs is proving to be a bit more challenging. We've been evaluating using a PowerShell script delivered via Group Policy alongside GPO rules.

How have your organizations managed this roll out when deploying Access Control and Policy?
Photo of Jared Harvey

Jared Harvey

  • 180 Points 100 badge 2x thumb

Posted 4 months ago

  • 1
  • 1
Photo of Darin Seiler

Darin Seiler

  • 402 Points 250 badge 2x thumb
We do 802.1x on wired PCs and control wired NIC settings through Group Policy. Below is a sample copy of our Group Policy settings. Not sure if that is what you were looking for or if you were looking for additional parameters and settings.  I didn't see a way I could add an attachment to this post so you will need to copy and paste all syntax below to notepad, save it as an htm file extension and you can view it within a browser. 

<html dir="ltr" xmlns:v="urn:schemas-microsoft-com:vml" gpmc_reportInitialized="false">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-16" />
<title>802.1x - Wired</title>
<!-- Styles -->
<style type="text/css">
                body    { background-color:#FFFFFF; border:1px solid #666666; color:#000000; font-size:68%; font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; }

                table   { font-size:100%; table-layout:fixed; width:100%; }

                td,th   { overflow:visible; text-align:left; vertical-align:top; white-space:normal; }

                .title  { background:#FFFFFF; border:none; color:#333333; display:block; height:24px; margin:0px,0px,-1px,0px; padding-top:4px; position:relative; table-layout:fixed; width:100%; z-index:5; }

                .he0_expanded    { background-color:#FEF7D6; border:1px solid #BBBBBB; color:#3333CC; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he1_expanded    { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he1h_expanded   { background-color: #7197B3; border: 1px solid #BBBBBB; color: #000000; cursor: hand; display: block; font-family: MS Shell Dlg; font-size: 100%; font-weight: bold; height: 2.25em; margin-bottom: -1px; margin-left: 10px; margin-right: 0px; padding-left: 8px; padding-right: 5em; padding-top: 4px; position: relative; width: 100%; }

                .he1    { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he2    { background-color:#C0D2DE; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:30px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he3    { background-color:#D9E3EA; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:40px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he4    { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:50px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he4h   { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he4i   { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-bottom:5px; padding-left:21px; padding-top:4px; position:relative; width:100%; }

                .he5    { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:60px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; position:relative; width:100%; }

                .he5h   { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; padding-right:5em; padding-top:4px; margin-bottom:-1px; margin-left:65px; margin-right:0px; position:relative; width:100%; }

                .he5i   { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:65px; margin-right:0px; padding-left:21px; padding-bottom:5px; padding-top: 4px; position:relative; width:100%; }

                DIV .expando { color:#000000; text-decoration:none; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:normal; position:absolute; right:10px; text-decoration:underline; z-index: 0; }

                .he0 .expando { font-size:100%; }

                .info, .info3, .info4, .disalign  { line-height:1.6em; padding:0px,0px,0px,0px; margin:0px,0px,0px,0px; }

                .disalign TD                      { padding-bottom:5px; padding-right:10px; }

                .info TD                          { padding-right:10px; width:50%; }

                .info3 TD                         { padding-right:10px; width:33%; }

                .info4 TD, .info4 TH              { padding-right:10px; width:25%; }

                .info TH, .info3 TH, .info4 TH, .disalign TH { border-bottom:1px solid #CCCCCC; padding-right:10px; }

                .subtable, .subtable3             { border:1px solid #CCCCCC; margin-left:0px; background:#FFFFFF; margin-bottom:10px; }

                .subtable TD, .subtable3 TD       { padding-left:10px; padding-right:5px; padding-top:3px; padding-bottom:3px; line-height:1.1em; width:10%; }

                .subtable TH, .subtable3 TH       { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em;  }

                .subtable .footnote               { border-top:1px solid #CCCCCC; }

                .subtable3 .footnote, .subtable .footnote { border-top:1px solid #CCCCCC; }

                .subtable_frame     { background:#D9E3EA; border:1px solid #CCCCCC; margin-bottom:10px; margin-left:15px; }

                .subtable_frame TD  { line-height:1.1em; padding-bottom:3px; padding-left:10px; padding-right:15px; padding-top:3px; }

                .subtable_frame TH  { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; }

                .subtableInnerHead { border-bottom:1px solid #CCCCCC; border-top:1px solid #CCCCCC; }

                .explainlink            { color:#000000; text-decoration:none; cursor:hand; }

                .explainlink:hover      { color:#0000FF; text-decoration:underline; }

                .spacer { background:transparent; border:1px solid #BBBBBB; color:#FFFFFF; display:block; font-family:MS Shell Dlg; font-size:100%; height:10px; margin-bottom:-1px; margin-left:43px; margin-right:0px; padding-top: 4px; position:relative; }

                .filler { background:transparent; border:none; color:#FFFFFF; display:block; font:100% MS Shell Dlg; line-height:8px; margin-bottom:-1px; margin-left:53px; margin-right:0px; padding-top:4px; position:relative; }

                .container { display:block; position:relative; }

                .rsopheader { background-color:#A0BACB; border-bottom:1px solid black; color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-bottom:5px; text-align:center; }

                .rsopname { color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; }

                .gponame{ color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; }

                .gpotype{ color:#333333; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; padding-left:11px; }

                #uri    { color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; }

                #dtstamp{ color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; text-align:left; width:30%; }

                #objshowhide { color:#000000; cursor:hand; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; margin-right:0px; padding-right:10px; text-align:right; text-decoration:underline; z-index:2; word-wrap:normal; }

                #gposummary { display:block; }

                #gpoinformation { display:block; }

                @media print {

                    #objshowhide{ display:none; }

                    body    { color:#000000; border:1px solid #000000; }

                    .title  { color:#000000; border:1px solid #000000; }

                    .he0_expanded    { color:#000000; border:1px solid #000000; }

                    .he1h_expanded   { color:#000000; border:1px solid #000000; }

                    .he1_expanded    { color:#000000; border:1px solid #000000; }

                    .he1    { color:#000000; border:1px solid #000000; }

                    .he2    { color:#000000; background:#EEEEEE; border:1px solid #000000; }

                    .he3    { color:#000000; border:1px solid #000000; }

                    .he4    { color:#000000; border:1px solid #000000; }

                    .he4h   { color:#000000; border:1px solid #000000; }

                    .he4i   { color:#000000; border:1px solid #000000; }

                    .he5    { color:#000000; border:1px solid #000000; }

                    .he5h   { color:#000000; border:1px solid #000000; }

                    .he5i   { color:#000000; border:1px solid #000000; }

                    }

                    v\:* {behavior:url(#default#VML);}

</style>
<!-- Script 1 -->

<script language="vbscript">
<!--
'================================================================================
' String "strShowHide(0/1)"
' 0 = Hide all mode.
' 1 = Show all mode.
strShowHide = 1

'Localized strings
strShow = "show"
strHide = "hide"
strShowAll = "show all"
strHideAll = "hide all"
strShown = "shown"
strHidden = "hidden"
strExpandoNumPixelsFromEdge = "10px"


Function IsSectionHeader(obj)
    IsSectionHeader = (obj.className = "he0_expanded") Or (obj.className = "he1h_expanded") Or (obj.className = "he1_expanded") Or (obj.className = "he1") Or (obj.className = "he2") Or (obj.className = "he3") Or (obj.className = "he4") Or (obj.className = "he4h") Or (obj.className = "he5") Or (obj.className = "he5h")
End Function


Function IsSectionExpandedByDefault(objHeader)
    IsSectionExpandedByDefault = (Right(objHeader.className, Len("_expanded")) = "_expanded")
End Function


' strState must be show | hide | toggle
Sub SetSectionState(objHeader, strState)
    ' Get the container object for the section.  It's the first one after the header obj.

    i = objHeader.sourceIndex
    Set all = objHeader.parentElement.document.all
    While (all(i).className <> "container")
        i = i + 1
    Wend

    Set objContainer = all(i)

    If strState = "toggle" Then
        If objContainer.style.display = "none" Then
            SetSectionState objHeader, "show"
        Else
            SetSectionState objHeader, "hide"
        End If

    Else
        Set objExpando = objHeader.children.item(1)

        If strState = "show" Then
            objContainer.style.display = "block"
            objExpando.innerText = strHide

        ElseIf strState = "hide" Then
            objContainer.style.display = "none"
            objExpando.innerText = strShow
        End If
    End If
End Sub


Sub ShowSection(objHeader)
    SetSectionState objHeader, "show"
End Sub


Sub HideSection(objHeader)
    SetSectionState objHeader, "hide"
End Sub


Sub ToggleSection(objHeader)
    SetSectionState objHeader, "toggle"
End Sub


'================================================================================
' When user clicks anywhere in the document body, determine if user is clicking
' on a header element.
'================================================================================
Function document_onclick()
    Set strsrc    = window.event.srcElement

    While (strsrc.className = "sectionTitle" Or strsrc.className = "expando" Or strsrc.className = "vmlimage")
        Set strsrc = strsrc.parentElement
    Wend

    ' Only handle clicks on headers.
    If Not IsSectionHeader(strsrc) Then Exit Function

    ToggleSection strsrc

    window.event.returnValue = False
End Function

'================================================================================
' link at the top of the page to collapse/expand all collapsable elements
'================================================================================
Function objshowhide_onClick()
    Set objBody = document.body.all
    Select Case strShowHide
        Case 0
            strShowHide = 1
            objshowhide.innerText = strShowAll
            For Each obji In objBody
                If IsSectionHeader(obji) Then
                    HideSection obji
                End If
            Next
        Case 1
            strShowHide = 0
            objshowhide.innerText = strHideAll
            For Each obji In objBody
                If IsSectionHeader(obji) Then
                    ShowSection obji
                End If
            Next
    End Select
End Function

'================================================================================
' onload collapse all except the first two levels of headers (he0, he1)
'================================================================================
Function window_onload()
    ' Only initialize once.  The UI may reinsert a report into the webbrowser control,
    ' firing onLoad multiple times.
    If UCase(document.documentElement.getAttribute("gpmc_reportInitialized")) <> "TRUE" Then

        ' Set text direction
        Call fDetDir(UCase(document.dir))

        ' Initialize sections to default expanded/collapsed state.
        Set objBody = document.body.all

        For Each obji in objBody
            If IsSectionHeader(obji) Then
                If IsSectionExpandedByDefault(obji) Then
                    ShowSection obji
                Else
                    HideSection obji
                End If
            End If
        Next

        objshowhide.innerText = strShowAll

        document.documentElement.setAttribute "gpmc_reportInitialized", "true"
    End If
End Function

                


'================================================================================
' When direction (LTR/RTL) changes, change adjust for readability
'================================================================================
Function document_onPropertyChange()
    If window.event.propertyName = "dir" Then
        Call fDetDir(UCase(document.dir))
    End If
End Function
Function fDetDir(strDir)
    strDir = UCase(strDir)
    Select Case strDir
        Case "LTR"
            Set colRules = document.styleSheets(0).rules
            For i = 0 To colRules.length -1
                Set nug = colRules.item(i)
                strClass = nug.selectorText
                If nug.style.textAlign = "right" Then
                    nug.style.textAlign = "left"
                End If
                Select Case strClass
                    Case "DIV .expando"
                        nug.style.Left = ""
                        nug.style.right = strExpandoNumPixelsFromEdge
                    Case "#objshowhide"
                        nug.style.textAlign = "right"
                End Select
            Next
        Case "RTL"
            Set colRules = document.styleSheets(0).rules
            For i = 0 To colRules.length -1
                Set nug = colRules.item(i)
                strClass = nug.selectorText
                If nug.style.textAlign = "left" Then
                    nug.style.textAlign = "right"
                End If
                Select Case strClass
                    Case "DIV .expando"
                        nug.style.Left = strExpandoNumPixelsFromEdge
                        nug.style.right = ""
                    Case "#objshowhide"
                        nug.style.textAlign = "left"
                End Select
            Next
    End Select
End Function

'================================================================================
'When printing reports, if a given section is expanded, let's says "shown" (instead of "hide" in the UI).
'================================================================================
Function window_onbeforeprint()
    For Each obji In document.all
        If obji.className = "expando" Then
            If obji.innerText = strHide Then obji.innerText = strShown
            If obji.innerText = strShow Then obji.innerText = strHidden
        End If
    Next
End Function

'================================================================================
'If a section is collapsed, change to "hidden" in the printout (instead of "show").
'================================================================================
Function window_onafterprint()
    For Each obji In document.all
        If obji.className = "expando" Then
            If obji.innerText = strShown Then obji.innerText = strHide
            If obji.innerText = strHidden Then obji.innerText = strShow
        End If
    Next
End Function

'================================================================================
' Adding keypress support for accessibility
'================================================================================
Function document_onKeyPress()
    If window.event.keyCode = "32" Or window.event.keyCode = "13" Or window.event.keyCode = "10" Then 'space bar (32) or carriage return (13) or line feed (10)
        If window.event.srcElement.className = "expando" Then Call document_onclick() : window.event.returnValue = false
        If window.event.srcElement.className = "sectionTitle" Then Call document_onclick() : window.event.returnValue = false
        If window.event.srcElement.id = "objshowhide" Then Call objshowhide_onClick() : window.event.returnValue = false
    End If
End Function
                
-->
</script>
                
<!-- Script 2 -->

<script language="javascript">
<!--
function getExplainWindowTitle()
{
        return document.getElementById("explainText_windowTitle").innerHTML;
}

function getExplainWindowStyles()
{
        return document.getElementById("explainText_windowStyles").innerHTML;
}

function getExplainWindowSettingPathLabel()
{
        return document.getElementById("explainText_settingPathLabel").innerHTML;
}

function getExplainWindowExplainTextLabel()
{
        return document.getElementById("explainText_explainTextLabel").innerHTML;
}

function getExplainWindowPrintButton()
{
        return document.getElementById("explainText_printButton").innerHTML;
}

function getExplainWindowCloseButton()
{
        return document.getElementById("explainText_closeButton").innerHTML;
}

function getNoExplainTextAvailable()
{
        return document.getElementById("explainText_noExplainTextAvailable").innerHTML;
}

function getExplainWindowSupportedLabel()
{
        return document.getElementById("explainText_supportedLabel").innerHTML;
}

function getNoSupportedTextAvailable()
{
        return document.getElementById("explainText_noSupportedTextAvailable").innerHTML;
}

function showExplainText(srcElement)
{
    var strSettingName = srcElement.getAttribute("gpmc_settingName");
    var strSettingPath = srcElement.getAttribute("gpmc_settingPath");
    var strSettingDescription = srcElement.getAttribute("gpmc_settingDescription");

    if (strSettingDescription == "")
    {
                strSettingDescription = getNoExplainTextAvailable();
    }

    var strSupported = srcElement.getAttribute("gpmc_supported");

    if (strSupported == "")
    {
        strSupported = getNoSupportedTextAvailable();
    }

    var strHtml = "<html>\n";
    strHtml += "<head>\n";
    strHtml += "<title>" + getExplainWindowTitle() + "</title>\n";
    strHtml += "<style type='text/css'>\n" + getExplainWindowStyles() + "</style>\n";
    strHtml += "</head>\n";
    strHtml += "<body>\n";
    strHtml += "<div class='head'>" + strSettingName +"</div>\n";
    strHtml += "<div class='path'><b>" + getExplainWindowSettingPathLabel() + "</b><br/>" + strSettingPath +"</div>\n";
    strHtml += "<div class='path'><b>" + getExplainWindowSupportedLabel() + "</b><br/>" + strSupported +"</div>\n";
    strHtml += "<div class='info'>\n";
    strHtml += "<div class='hdr'>" + getExplainWindowExplainTextLabel() + "</div>\n";
    strHtml += "<div class='bdy'>" + strSettingDescription + "</div>\n";
    strHtml += "<div class='btn'>";
    strHtml += getExplainWindowPrintButton();
    strHtml += getExplainWindowCloseButton();
    strHtml += "</div></body></html>";

    var strDiagArgs = "height=360px, width=630px, status=no, toolbar=no, scrollbars=yes, resizable=yes ";
    var expWin = window.open("", "expWin", strDiagArgs);
    expWin.document.write("");
    expWin.document.close();
    expWin.document.write(strHtml);
    expWin.document.close();
    expWin.focus();

    //cancels navigation for IE.
    if(navigator.userAgent.indexOf("MSIE") > 0)
    {
        window.event.returnValue = false;
    }

    return false;
}
-->
</script>
                
</head>

<body>

<!-- HTML resources -->
<div style="display:none;">
        <div id="explainText_windowTitle">Group Policy Management</div>
        <div id="explainText_windowStyles">
        
                            body  { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; }

                            .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; }

                            .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; }

                            .info { padding-left:10px;width:100%; }

                            table { font-size:100%; width:100%; border:1px solid #999999; }

                            th    { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; }

                            td    { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; }

                            .btn  { width:100%; text-align:right; margin-top:16px; }

                            .hdr  { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; }

                            .bdy  { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; }

                            button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; }

                            @media print {

                                .bdy { display:block; overflow:visible; }

                                button { display:none; }

                                .head { color:#000000; background:#FFFFFF; border:1px solid #000000; }

                            }

                
        </div>
        <div id="explainText_settingPathLabel">Setting Path:</div>
        <div id="explainText_explainTextLabel">Explanation</div>
        <div id="explainText_printButton">
        <button name="Print" onClick="window.print()" accesskey="P"><u>P</u>rint</button>

                </div>
        <div id="explainText_closeButton">
        <button name="Close" onClick="window.close()" accesskey="C"><u>C</u>lose</button>
                
        </div>
        <div id="explainText_noExplainTextAvailable">No explanation is available for this setting.</div>
        <div id="explainText_supportedLabel">Supported On:</div>
        <div id="explainText_noSupportedTextAvailable">Not available</div>
</div><table class="title" cellpadding="0" cellspacing="0">
<tr><td colspan="2" class="gponame">802.1x - Wired</td></tr>
<tr>
    <td id="dtstamp">Data collected on: 4/26/2018 9:38:38 AM</td>
    <td><div id="objshowhide" tabindex="0"></div></td>
</tr>
</table>

<div class="gposummary">
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">General</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1"><span class="sectionTitle" tabindex="0">Details</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info" cellpadding="0" cellspacing="0">
<tr><td scope="row">Domain</td><td>-</td></tr>
<tr><td scope="row">Owner</td><td>-</td></tr>
<tr><td scope="row">Created</td><td>-</td></tr>
<tr><td scope="row">Modified</td><td>-</td></tr>
<tr><td scope="row">User Revisions</td><td>0 (AD), 0 (sysvol)</td></tr>
<tr><td scope="row">Computer Revisions</td><td>25 (AD), 25 (sysvol)</td></tr>
<tr><td scope="row">Unique ID</td><td>{28777E19-44A0-4536-9684-C59690CA42C5}</td></tr>
<tr><td scope="row">GPO Status</td><td>User settings disabled</td></tr>
</table></div></div>
<div class="filler"></div>
<div class="he1"><span class="sectionTitle" tabindex="0">Links</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0"><tr><th scope="col">Location</th><th scope="col">Enforced</th><th scope="col">Link Status</th><th scope="col">Path</th></tr>
    <tr><td>Computers-Desktops</td><td>No</td><td>Enabled</td><td>domain/Computers-DesktopsOU</td></tr>
    </table>
    <br/>This list only includes links in the domain of the GPO.</div></div>
<div class="filler"></div>
<div class="he1"><span class="sectionTitle" tabindex="0">Security Filtering</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><b>The settings in this GPO can only apply to the following groups, users, and computers:</b></div>
<div class="he4i">
<table class="info" cellpadding="0" cellspacing="0"><tr><th scope="col">Name</th></tr><tr><td>NT AUTHORITY\Authenticated Users</td></tr></table>
</div>
</div>
<div class="filler"></div>

<div class="filler"></div>
<div class="he1"><span class="sectionTitle" tabindex="0">Delegation</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><b>These groups and users have the specified permission for this GPO</b></div>
<div class="he4i">
<table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Allowed Permissions</th><th scope="col">Inherited</th></tr>
<tr><td>NT AUTHORITY\Authenticated Users</td><td>Read (from Security Filtering)</td><td>No</td></tr>
<tr><td>NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</td><td>Read</td><td>No</td></tr>
<tr><td>NT AUTHORITY\SYSTEM</td><td>Edit settings, delete, modify security</td><td>No</td></tr>
<tr><td>domain\Domain Admins</td><td>Edit settings, delete, modify security</td><td>No</td></tr>
<tr><td>domain\Enterprise Admins</td><td>Edit settings, delete, modify security</td><td>No</td></tr>
</table>

</div></div></div>
<div class="filler"></div>
</div>
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">Computer Configuration (Enabled)</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1h_expanded"><span class="sectionTitle" tabindex="0">Policies</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1_expanded"><span class="sectionTitle" tabindex="0">Windows Settings</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he2"><span class="sectionTitle" tabindex="0">Security Settings</span><a class="expando" href="#"></a></div>
        <div class="container"><div class="he3"><span class="sectionTitle" tabindex="0">System Services</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4h"><span class="sectionTitle" tabindex="0">Wired AutoConfig (Startup Mode: Automatic)</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><b>Permissions</b><table class="subtable3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Type</th><th scope="col">Name</th><th scope="col">Permission</th></tr><tr><td>Allow</td><td>BUILTIN\Administrators</td><td>Full Control</td></tr><tr><td>Allow</td><td>NT AUTHORITY\SYSTEM</td><td>Full Control</td></tr><tr><td>Allow</td><td>NT AUTHORITY\INTERACTIVE</td><td>Read</td></tr></table>
</div><div class="he4i"><b>Auditing</b><table class="subtable3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Type</th><th scope="col">Name</th><th scope="col">Access</th></tr><tr><td>Failure</td><td>Everyone</td><td>Full Control</td></tr></table>
</div></div></div><div class="he3"><span class="sectionTitle" tabindex="0">Wired Network (802.3) Policies</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4"><span class="sectionTitle" tabindex="0">802.1x - Wired</span><a class="expando" href="#"></a></div>
    <div class="container">
<div class="he4i"><table class="info" cellpadding="0" cellspacing="0">
<tr><td>Name</td><td>802.1x - Wired</td></tr>
<tr><td>Description</td><td>configuring 802.1x wired connections</td></tr>
</table>
</div><div class="he4h"><span class="sectionTitle" tabindex="0">Global Settings</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info" cellpadding="0" cellspacing="0">
<tr><th scope="col">Setting</th><th scope="col">Value</th></tr>
<tr><td>Use Windows wired LAN network services for clients</td><td>Enabled</td></tr>
<tr><td>Shared user credentials for network authentication</td><td>Enabled</td></tr>
</table>
</div></div><div class="he4"><span class="sectionTitle" tabindex="0">Network Profile</span><a class="expando" href="#"></a></div>
    <div class="container">
<div class="he4i"><div class="he4h"><span class="sectionTitle" tabindex="0">Security Settings</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info" cellpadding="0" cellspacing="0">
<tr><td>Enable use of IEEE 802.1X authentication for network access</td><td>Enabled</td></tr>
<tr><td>Enforce use of IEEE 802.1X authentication for network access</td><td>Disabled</td></tr>
</table>
</div></div><div class="he4h"><span class="sectionTitle" tabindex="0">IEEE 802.1X Settings</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info" cellpadding="0" cellspacing="0">
<tr><td>Computer Authentication</td><td>User re-authentication</td></tr>
<tr><td>Maximum Authentication Failures</td><td>1</td></tr>
<tr><td>Maximum EAPOL-Start Messages Sent</td><td></td></tr>
<tr><td>Held Period (seconds)</td><td></td></tr>
<tr><td>Start Period (seconds)</td><td></td></tr>
<tr><td>Authentication Period (seconds)</td><td></td></tr>
</table>
</div></div></div></div></div></div></div></div></div></div>
<div class="filler"></div>
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">User Configuration (Disabled)</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">No settings defined.</div></div>
</body></html>
Photo of Brian Anderson

Brian Anderson

  • 672 Points 500 badge 2x thumb
Usually I deploy the GPO, certificate box unchecked, user or computer authentication and start the wired auto config service.  I don't use a powershell script for it. 
Photo of Jared Harvey

Jared Harvey

  • 180 Points 100 badge 2x thumb
Brian,

How are you accomplishing those four tasks?
Photo of Brian Anderson

Brian Anderson

  • 672 Points 500 badge 2x thumb
You can use this site as an example: https://www.raydbg.com/2017/How-to-Configure-Wired-Authentication-Settings-via-GPO/  Just set to PEAP rather than smart card.  Disregard non-domain devices. 
Photo of Darin Seiler

Darin Seiler

  • 402 Points 250 badge 2x thumb
The group policy I shared uses Microsoft: Smart Card or other certificate for the network authentication method. Within the settings for that we select to use a certificate on this computer (our internal Microsoft PKI issues a user and computer certificate to the Windows domain joined devices). Non domain joined devices we don't use 802.1x and just use MAC auth. Within the Advanced settings, we specify the auth mode as User or computer authentication. All very similar to the guides Brian provided above. I have a custom Word document I could share with you on our NIC configurations as well as 802.1x troubleshooting guide that we created to help our desktop techs if needed that match the GPO above.
Photo of Jared Harvey

Jared Harvey

  • 180 Points 100 badge 2x thumb
Brian and Darin,

Thanks for the input! I'll forward this to my server team and see if this gets them to where they need to be.
Photo of Jared Harvey

Jared Harvey

  • 180 Points 100 badge 2x thumb
Hi All,

We were able to craft this GPO based off of the information here: https://technet.microsoft.com/en-us/library/2008.02.cableguy.aspx.