Wireless Deployment via Group Policy

This page contains screenshots from Disco ICT v1 and will be updated shortly.

This guide can be used to deploy the wireless profiles and authority certificates necessary for clients to connect to an enterprise wireless network. It focuses on deploying the eduSTAR.net Enterprise Wireless Network (public information; authorised information); however, it can also be used to deploy other networks. This guide complements the Disco Device Enrolment feature, which can automatically assign and distribute unique personal machine certificates to each device.

This document is intended to provide a basic guide only - each environment will be different and the reader may choose to implement certain details differently or in accordance with existing policies.

1:

Within the Group Policy Management console, create a new Group Policy Object.

NOTE: You may use an existing policy; however, this makes testing the changes difficult and can negatively impact existing clients.
In this guide, the policy will be named 'Wireless - eduSTAR.net'.

2:

Edit the policy, and browse to:

  • Computer Configuration
  • Policies
  • Windows Settings
  • Security Settings

Right-click:
Wireless Network (IEEE 802.11) Policies

Select:
Create A New Wireless Network Policy for Windows Vista and Later Releases

If you are updating an existing policy, you can delete the existing wireless network policy, and then create a new one.

3:

Provide a Policy Name and Description, and then Import the Wireless Configuration Profile.

It is often advisable to export the wireless configuration from a known working device rather than manually create the profile. Run the following command at a command prompt for information on how to export configuration profiles:
> netsh wlan export profile ?

Wireless Configuration Profiles that are applied via Group Policy are not editable on the client and take precedence over any existing profiles.
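
An exported profile carries over whatever the source device had configured, and once applied via Group Policy it cannot be corrected on the client, so it is worth reviewing the XML before import. The following PowerShell is an added example, not part of the original guide or of Disco; the function name Test-WlanProfile and the sample profile (trimmed, with a made-up SSID and thumbprint) are assumptions.

```powershell
# Constructed sample: a trimmed profile in the format 'netsh wlan export profile' writes.
# For a real file use: [xml](Get-Content -Raw .\exported-profile.xml)
$sample = [xml]@'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>ExampleNet</name>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
      <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Config>
        <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
          <Type>13</Type>
          <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
            <ServerValidation>
              <ServerNames></ServerNames>
              <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33 </TrustedRootCA>
            </ServerValidation>
          </EapType>
        </Eap>
      </Config></EapHostConfig>
    </EAPConfig></OneX>
  </security></MSM>
</WLANProfile>
'@

function Test-WlanProfile {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$WlanXml)
    # local-name() matching avoids registering the nested WLAN, OneX and EAP namespaces.
    $text = { param($name) @($WlanXml.SelectNodes("//*[local-name()='$name']") |
                             ForEach-Object { $_.InnerText.Trim() }) }
    # Normalise "00 11 .. " to "0011.." so it compares with certificate thumbprints.
    $roots = @(& $text 'TrustedRootCA' | Where-Object { $_ } |
               ForEach-Object { ($_ -replace '\s', '').ToUpper() })
    $findings = @()
    if ((& $text 'useOneX') -notcontains 'true') { $findings += '802.1X (useOneX) is not enabled' }
    if ((& $text 'authentication') | Where-Object { $_ -in 'open', 'shared' }) {
        $findings += 'Open or shared-key authentication' }
    if ((& $text 'encryption') | Where-Object { $_ -in 'none', 'WEP', 'TKIP' }) {
        $findings += 'Weak or no encryption' }
    if (& $text 'keyMaterial') { $findings += 'Profile embeds a pre-shared key' }
    if ((& $text 'PerformServerValidation') -contains 'false') {
        $findings += 'PEAP server validation is disabled' }
    if (-not $roots) { $findings += 'No TrustedRootCA thumbprint selected in the profile' }
    if (-not ((& $text 'ServerNames') | Where-Object { $_ })) {
        $findings += 'No ServerNames: server identity is not restricted by name' }
    [pscustomobject]@{ Name = @(& $text 'name')[0]; TrustedRoots = $roots; Findings = $findings }
}

Test-WlanProfile -WlanXml $sample | Format-List
```

The TrustedRoots values are SHA-1 thumbprints; compare them with the thumbprints of the root certificates imported into the policy in step 5.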

For eduSTAR.net users: Information on obtaining an exported copy of the wireless configuration profile can be found on this Forum Post.

Click OK.

4:

Import the Certificates

Obtain the certificates for Import.

Note: The following article describes how to export certificates from a computer: Microsoft TechNet: Export a Certificate

For eduSTAR.net users: Information on obtaining an exported copy of the eduSTAR.net public certificates can be found on this Forum Post.

Browse to:

  • Computer Configuration
  • Policies
  • Windows Settings
  • Security Settings
  • Public Key Policies

5:

Trusted Root Certificates

Right-click:
Trusted Root Certification Authorities

Select:
Import

Use the Certificate Import Wizard to import the Trusted Root Certificates.
For eduSTAR.net users: Depending on the status of your deployment, you may need to import both the old (512-bit) and new (2048-bit) certificates.

Intermediary Certificates

Right-click:
Intermediate Certification Authorities

Select:
Import

Use the Certificate Import Wizard to import the Intermediary Certificates.
For eduSTAR.net users: Depending on the status of your deployment, you may need to import both the old and new certificates.

6:

Apply the Policy to the appropriate Active Directory Organizational Unit(s)

Close the Group Policy Management Editor once all changes have been made.

Within the Group Policy Management console, drag the policy from Group Policy Objects onto the relevant Organizational Units.

It is often advisable to create a test Organizational Unit first, and then (after confirming all settings are applied correctly) attempt a larger-scale rollout.

7:

For clients to connect using this policy, a personal machine certificate must be deployed to each device.

Disco Device Enrolment can perform this assignment automatically.