Showing results for 
Search instead for 
Did you mean: 

Deploying 802.1X on PCs via Group Policy

Deploying 802.1X on PCs via Group Policy

New Contributor
I realize this is outside the scope of Extreme's product line, but we're currently looking at how to roll out 802.1X configuration to our Windows PCs in the environment. Enabling the Wired AutoConfig service is the easy part, but configuring the authentication parameters on the PCs NICs is proving to be a bit more challenging. We've been evaluating using a PowerShell script delivered via Group Policy alongside GPO rules.

How have your organizations managed this roll out when deploying Access Control and Policy?

New Contributor
Hi All,

We were able to craft this GPO based off of the information here:

New Contributor
We do 802.1x on wired PCs and control wired NIC settings through Group Policy. Below is a sample copy of our Group Policy settings. Not sure if that is what you were looking for or if you were looking for additional parameters and settings. I didn't see a way I could add an attachment to this post so you will need to copy and paste all syntax below to notepad, save it as an htm file extension and you can view it within a browser.

802.1x - Wired

Group Policy Management

body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; }

.head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; }

.path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; }

.info { padding-left:10px;width:100%; }

table { font-size:100%;

Brian and Darin,

Thanks for the input! I'll forward this to my server team and see if this gets them to where they need to be.

The group policy I shared uses Microsoft: Smart Card or other certificate for the network authentication method. Within the settings for that we select to use a certificate on this computer (our internal Microsoft PKI issues a user and computer certificate to the Windows domain joined devices). Non domain joined devices we don't use 802.1x and just use MAC auth. Within the Advanced settings, we specify the auth mode as User or computer authentication. All very similar to the guides Brian provided above. I have a custom Word document I could share with you on our NIC configurations as well as 802.1x troubleshooting guide that we created to help our desktop techs if needed that match the GPO above.