• ITS Help Desk
• Support
• Security
• Software Central
• Get a Computer
• Help Desk Live

Configuring your Windows Vista Computer for UI Wireless using Group Policy settings

1. Go to the Start menu and choose Run. (Windows key + R)
   -type runas /user:iowa\your_admin_id mmc
   -your_admin_id is your Adminstrative ID
   
   
   
   
2. You will be prompted to enter your password on a command line, after which the MMC console will open.  Choose “Add/Remove Snap-in...” from the File menu
   
   
   
   
3. The Add or Remove Snap-ins dialog will appear, scroll down to Group Policy Management (on the left) and click “Add>”
   -Click OK to close the Add or Remove Snap-ins dialog
   
   
   
   
4. You will see the Group Policy Management snap-in in the console.  Expand the structure to navigate to the OU that you want to apply the policy to:
   -Right-click on the OU and choose “Create a GPO in this domain and link it here...”
   
   
   
   
5. In the New GPO dialog: 
   - Pick a name for your policy that fits the naming convention, with your department, division or college name at the beginning.  For instance if you are in the College of Pharmacy, you’d name your policy something like “COP Vista Wireless”
   -Click OK to create the policy
   
   
   
   
6. Right click on the policy and choose Edit (the policy will appear in the Group Policy Management Console)
   
7. Navigate to:
   Computer Configuration -> Windows Settings -> Security Settings -> Wireless Network (IEEE 802.11) Policies
8. Right click on Wireless Network (IEEE 802.11) Policies and choose “Create a new Windows Vista Policy...”
   
9. Fill in the Vista Policy Name field with a policy name.
   -Fill in a short description in the Description field
   -Click Add and choose “Infrastructure”
   
   
   
   
10. The New Profile Properties dialog will appear:
    -Fill in the following fields
    -Profile Name: UI-Wireless-WPA2
    -Network Name(s) (SSID): UI-Wireless-WPA2 and click “Add...”
    -click “NEWSSID” and click “Remove”
    
    
    
    
11. Click the Security tab:
    -Choose “WPA2-Enterprise” under the Authentication drop-down
    -Choose “AES” under the Encryption drop-down
    -Choose Protected EAP (PEAP) under the “Select a network authentication method” drop-down
    -Choose User re-authentication under the “Authentication Mode:” drop –down
    “Cache user information for subsequent connections to this network” should be checked
    -Click Advanced
    
    
    
    
12. In the Advanced Security settings dialog box:
    -Check “Enable Single Sign On for this network”
    -Click “Perform immediately before User Logon”
    -Click OK to close the Advanced security settings dialog
    
    
    
    
13. In the New Profile properties screen click “Properties” next to Select a network authentication method and the PEAP properties screen will appear.
    -Check “Validate server certificate”
    -Check “Connect to these servers:”
    -Enter net-auth-1.its.uiowa.edu in the field
    -Under “Trusted Root Certification Authorities:” check “Thawte Premium Server CA”
    -Click OK to exit Properties
    
    



14. Click OK to exit profile properties and click OK to save the new profile.
    

Return to Wireless Support Center

Last Updated: 07/11/2008