From: Camerons on
We are currently using Windows XP Professional SP3 with Client Side
Extensions installed against a 2003 Active Directory functional level domain

We are attempting to implement an 802.1X certificate based authentication
scheme accross our enviroment for both our wired and wireless connection.
Unfortuatley the people who we rent active directory from are unwilling to
setup a 2008 Active Directory functional level domain controller or apply
the requried schema extension necessary so that I could apply the 802.3X
Wired Authentication GPO

I've done much research on this, will very little productive information.

What information I have found describes the same process that if you enable
the Wired AutoConfig service which enable the Authentication Tab for your
network card, that authentication changes are stored in the registry in the
following location

HKLM\SOFTWARE\Microsoft\EAPOL\Parameters\Interfaces\YOURNIC\

I tried replicating the settings on my desktop and while I could make
changes via the GUI, I could not find those changes replicated in the
specified location or for that matter in any place in the registry. I
thought this maybe had to do with image domain added workstation, maybe a
seperate GPO was doing something. So this morning I setup a clean box with a
default install of Windows XP SP2 not attached to any domain/workgroup.

Unfortuatley I've found that the same situation has occured. I should also
say this is with using either PEAP or Certificate as the authenetication
method.

I was hoping someone might be to shed some light as to why my registry isn't
updating, before I have to place a call with Microsoft and use up support
hours.

For more information the most productive post I've been able to find on this
topic is:
http://www.derkeiler.com/Newsgroups/microsoft.public.win2000.security/2005-06/0126.html
Thanks.


From: Eric Geier Eric on
I'm not sure about the registry, but you might find using a hosted
RADIUS/802.1X service better than setting up your own server.
AuthenticateMyWiFi from NoWiresSecurity is one choice:
http://www.NoWiresSecurity.com

"Camerons" wrote:

> We are currently using Windows XP Professional SP3 with Client Side
> Extensions installed against a 2003 Active Directory functional level domain
>
> We are attempting to implement an 802.1X certificate based authentication
> scheme accross our enviroment for both our wired and wireless connection.
> Unfortuatley the people who we rent active directory from are unwilling to
> setup a 2008 Active Directory functional level domain controller or apply
> the requried schema extension necessary so that I could apply the 802.3X
> Wired Authentication GPO
>
> I've done much research on this, will very little productive information.
>
> What information I have found describes the same process that if you enable
> the Wired AutoConfig service which enable the Authentication Tab for your
> network card, that authentication changes are stored in the registry in the
> following location
>
> HKLM\SOFTWARE\Microsoft\EAPOL\Parameters\Interfaces\YOURNIC\
>
> I tried replicating the settings on my desktop and while I could make
> changes via the GUI, I could not find those changes replicated in the
> specified location or for that matter in any place in the registry. I
> thought this maybe had to do with image domain added workstation, maybe a
> seperate GPO was doing something. So this morning I setup a clean box with a
> default install of Windows XP SP2 not attached to any domain/workgroup.
>
> Unfortuatley I've found that the same situation has occured. I should also
> say this is with using either PEAP or Certificate as the authenetication
> method.
>
> I was hoping someone might be to shed some light as to why my registry isn't
> updating, before I have to place a call with Microsoft and use up support
> hours.
>
> For more information the most productive post I've been able to find on this
> topic is:
> http://www.derkeiler.com/Newsgroups/microsoft.public.win2000.security/2005-06/0126.html
> Thanks.
>
>
> .
>