Deploying 802.1X on PCs via Group Policy
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-26-2018 11:34 AM
I realize this is outside the scope of Extreme's product line, but we're currently looking at how to roll out 802.1X configuration to our Windows PCs in the environment. Enabling the Wired AutoConfig service is the easy part, but configuring the authentication parameters on the PCs NICs is proving to be a bit more challenging. We've been evaluating using a PowerShell script delivered via Group Policy alongside GPO rules.
How have your organizations managed this roll out when deploying Access Control and Policy?
How have your organizations managed this roll out when deploying Access Control and Policy?
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-10-2018 06:21 PM
Hi All,
We were able to craft this GPO based off of the information here: https://technet.microsoft.com/en-us/library/2008.02.cableguy.aspx.
We were able to craft this GPO based off of the information here: https://technet.microsoft.com/en-us/library/2008.02.cableguy.aspx.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-26-2018 11:52 AM
We do 802.1x on wired PCs and control wired NIC settings through Group Policy. Below is a sample copy of our Group Policy settings. Not sure if that is what you were looking for or if you were looking for additional parameters and settings. I didn't see a way I could add an attachment to this post so you will need to copy and paste all syntax below to notepad, save it as an htm file extension and you can view it within a browser.
802.1x - Wired
Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; }
.head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; }
.path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; }
.info { padding-left:10px;width:100%; }
table { font-size:100%;
Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; }
.head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; }
.path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; }
.info { padding-left:10px;width:100%; }
table { font-size:100%;
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-26-2018 11:52 AM
Brian and Darin,
Thanks for the input! I'll forward this to my server team and see if this gets them to where they need to be.
Thanks for the input! I'll forward this to my server team and see if this gets them to where they need to be.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-26-2018 11:52 AM
The group policy I shared uses Microsoft: Smart Card or other certificate for the network authentication method. Within the settings for that we select to use a certificate on this computer (our internal Microsoft PKI issues a user and computer certificate to the Windows domain joined devices). Non domain joined devices we don't use 802.1x and just use MAC auth. Within the Advanced settings, we specify the auth mode as User or computer authentication. All very similar to the guides Brian provided above. I have a custom Word document I could share with you on our NIC configurations as well as 802.1x troubleshooting guide that we created to help our desktop techs if needed that match the GPO above.