Wireless Deployment via Group Policy
This page contains screenshots from Disco ICT v1 and will be updated shortly.
This guide can be used to deploy wireless profiles and authority certificates necessary for clients to connect to an enterprise wireless network. This guide focuses on deploying the eduSTAR.net Enterprise Wireless Network (public information; authorised information), however it can be used to deploy other networks also. This guide complements the Disco Device Enrolment feature which can automatically assign and distribute unique personal machine certificates to each device.
This document is intended to provide a basic guide only - each environment will be different and the reader may choose to implement certain details differently or in accordance with existing policies.
Within the Group Policy Management console, create a new Group Policy Object.
NOTE: You may use an existing
policy; however this does make testing the changes difficult and
can negatively impact on existing clients.
Edit the policy, and browse to:
If you are updating an existing policy, you can delete the existing wireless network policy, and then create a new one.
Provide a Policy Name and Description, and then Import the Wireless Configuration Profile.
It is often advisable to export the wireless
configuration from a known working device rather than manually
create the profile. Run the following program at a command prompt
for information on how to export configuration profiles:
Wireless Configuration Profiles that are applied via Group Policy are not editable on the client and take precedence over any existing profiles.
For eduSTAR.net users: Information on obtaining an exported copy of the wireless configuration profile can be found on this Forum Post.
Import the Certificates
Obtain the certificates for Import.
Note: The following article describes how to export certificates from a computer: Microsoft TechNet: Export a Certificate
For eduSTAR.net users: Information on obtaining an exported copy of the eduSTAR.net public certificates can be found on this Forum Post.
Trusted Root Certificates
Use the Certificate Import Wizard to import the Trusted Root
Apply the Policy to the appropriate Active Directory Organization Unit/s
Close the Group Policy Management Editor once all changes have been made.
Within the Group Policy Management console, drag the policy from Group Policy Objects onto the relevant Organization Units.
It is often advisable to create a test Organization Unit first, and then (after confirming all settings are applied correctly) a larger scale rollout can be attempted.
For clients to connect using this policy, a personal machine certificate must be deployed to each device.
Disco Device Enrolment can perform this assignment automatically.