1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Leveraging Group Policy to Setup Wireless Access

Published by SPK Blog Post
on February 15, 2011

In my last post, I introduced Clonezilla as an easy way to deploy Windows-based workstations into a corporate environment. But once a workstation enters the corporate network, what sort of policy applies to it? What sort of actions can a user take on their workstation? One powerful way to control this is through Group Policy. Group Policy allows full control over Windows-based workstations. From preventing unauthorized software installations to reminding users that their password is going to expire when they login, it can do it all. In this post, I’m going to detail how we at SPK and Associates, IT engineering experts, setup a Group Policy to configure wireless intranet and internet access for one of our clients.

When we were brought in at this client, wireless access was provided for users and their laptops, but users complained often that they lost connection, or couldn’t get a connection to the wireless networks in the building. One of the first things we did as part of SPK’s network management consulting service was to unify the various wireless networks into a single one that could be accessed anywhere in the building. The wireless network needed to authenticate users based on their Active Directory account rather than a single authentication key. This prevents unauthorized users from gaining access to the internal network. Wireless security is essential, as with most company networks, confidential or proprietary information is stored on internal file servers and unauthorized access could lead to a disaster for the company.

Here’s a quick overview of the various ways to protect a wireless network from unauthorized use:

Network Security Method Advantages Disadvantages
Wi-Fi Protected Access (WPA) Very secure. Can be combined with 802.1X authentication for enhanced network security. Incompatibility with older hardware. WPA also has a larger performance overhead and increased data packet size which can lead to longer transmissions.
Wired Equivalent Privacy (WEP) Generally well supported by most, if not all wireless capable devices and wireless adapters. Provides basic security to prevent unauthorized access.Typical use of this is for a “Guest” wireless network, where no company intranet is exposed. Very easy to crack the WEP key. If the key is changed often, it can prove to be a management nightmare having to change the key for all users.
None Extremely easy to setup. Anyone can use the network, possibly for malicious intent. Not recommended for company use.

For our client, we used WPA2-Enterprise security which is WPA2 based along with 802.1X authentication. This method works for a variety of reasons. One, we get strong data encryption with WPA2 which is stronger encryption than the original WPA. Second, with 802.1X authentication, only authorized users in Active Directory will be allowed to use the wireless network. Even if an outside attacker tried to get on to the network, they would need a user account to actually authenticate. Finally, we set a user-level authentication policy in Active Directory that only users who had the Remote Access setting to Allow would be allowed to connect to the wireless network. This works great if you have a company with contractors who need an account on the system, but might not necessarily be allowed to access the network remotely or in this case, via wireless.

After setting up 2 wireless access points to provide broad coverage for the building, we needed to configure all of the laptops to use this network. There’s 2 ways to accomplish this, the traditional method which is sending out a document to the company detailing how to setup wireless, or the SPK way: Create a Group Policy, deploy it, and all laptops will be configured automatically with no user intervention required! This also allows users to add their own personal wireless networks and use them as well without affecting the corporate wireless configuration.

The end result of all of this was a very happy client. Users no longer complained about wireless access, the wireless network was very secure, and folks were able to get their work done efficiently from anywhere in the building.

Subscribe to the blog to keep informed on Engineering Applications, remote server management, and other topics of interest to IT and engineering professionals.

Bradley Tinder

Systems Integrator, SPK

Latest White Papers

Three Trends Are Transforming The Service Desk

Three Trends Are Transforming The Service Desk

Your IT service desk is about to change. Find out what's shaping the future. Three factors — enterprise service management (ESM), collaboration, and intelligent service management — are driving the transformation of the service desk. To better meet customers’ needs...

Related Resources

Extending CloudBees SDA Analytics

Extending CloudBees SDA Analytics

CloudBees SDA Analytics has more power than you think One of the main features of CloudBees SDA is CloudBees Analytics, powered by ElasticSearch. It’s a powerful tool for displaying continuous integration data and there are loads of useful metrics available from...

Is The IT Department Really “Dead?”

Is The IT Department Really “Dead?”

“It’s Time to Get Rid of the IT Department.”  That was the title of an opinion piece recently published in the Wall Street Journal.  Provocative?  Sure.  My answer to this is not “yes,” but many of the author’s points are valid.  The Same Old IT Department? No, the IT...

How To Add More Disk Space To Your Redhat Server Without Reformatting

How To Add More Disk Space To Your Redhat Server Without Reformatting

(Originally published in 2012, updated January 2022.) One of the common tasks for any system administrator is managing disk space on a server. A common question is how to increase disk space on a linux system. I won't go into a boring lecture on why managing disk...