How to enable computer-only authentication for a 802.1X-based network in Windows Vista

How to enable computer-only authentication for a 802.1X-based network in Windows Vista

Article ID : 929847
Last Review : March 17, 2007
Revision : 1.4

INTRODUCTION

This article discusses how to enable computer-only authentication for an 802.1X-based network in Windows Vista.

MORE INFORMATION

Microsoft Windows XP and Microsoft Windows Server 2003 store 802.1X computer and user authentication settings in the AuthMode registry entry in the following registry subkey:

HKEY_LOCAL_MACHINE Software Microsoft EAPOL Parameters General Global

However, the AuthMode registry entry is not included in Windows Vista. If computer-only authentication is configured in an environment that has Windows XP-based computers, the settings are not applied to Windows Vista-based computers. To set the authentication mode in Windows Vista, you must modify the 802.1X network profile.

To enable computer-only authentication for an 802.X-based network in Windows Vista, follow these steps:

1. Perform one of the following procedures, depending on whether you are using a wired or a wireless network connection.

• Wired network connection

Create an 802.1X-based network profile on a wired network connection. To do this, follow these steps:

a. Right-click the network connection icon in the notification area at the far right of the taskbar, and then click Network and Sharing Center.
b. Under Tasks, click Manage Network Connections.
c. Right-click the network connection that you want to configure, and then click Properties.

User If you are prompted for an administrator password or confirmation, type your password or click Continue.

d. Click the Authentication tab, specify the settings that you want, and then click OK.
• Wireless network connection

Create an 802.1X-based network profile on a wireless network connection. To do this, follow these steps:

a. Right-click the network connection icon in the notification area at the far right of the taskbar, and then click Network and Sharing Center.
b. Under Tasks, click Manage Wireless Networks.
c. Click Add. The Wireless Network Wizard starts.
d. Follow the instructions that are displayed on the screen to create a wireless network profile.
2. Export the network profile information to an XML file. To do this, follow these steps:

a. Click StartStart, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator.

User If you are prompted for an administrator password or confirmation, type your password or click Continue.

b. At the command prompt, type one of the following lines, depending on whether you are using a wired or a wireless network connection, and then press ENTER.

• If you are using a wired network connection, type the following line:

netsh lan export profile folder=c:
• If you are using a wireless network connection, type the following line:

netsh wlan export profile folder=c:
3. Modify the network profile in the XML file to specify computer-only authentication. To do this, follow these steps:

a. Start Notepad, and then open the XML file.
b. In the XML file, locate the section that contains the OneX settings. The following is an example of this section:

<OneX xmlns=http://www.microsoft.com/networking/OneX/v1>                              <authMode>machineOrUser</authMode>                               <EAPConfig>...</EAPConfig>                </OneX>

c. Modify the <authMode> line as follows:

<authMode>machine</authMode>

The following is an example of the section that contains the OneX settings after it is modified:

<OneX xmlns=http://www.microsoft.com/networking/OneX/v1>                              <authMode>machine</authMode>                               <EAPConfig>...</EAPConfig>                </OneX>

d. Save, and then close the XML file.
4. Add the network profile that you modified. To do this, type one of the following lines at the command prompt, depending on whether the network profile is for a wired or a wireless network connection. Then, press ENTER.

• If the network profile is for a wired network connection, type the following line:

netsh lan add profile filename=PathofXMLFile
• If the network profile is for a wireless network connection, type the following line:

netsh wlan add profile filename=PathOfXMLFile

The authMode (OneX) element specifies the type of credentials that are used for authentication. The following table describes the values that the authMode (OneX) element uses.

Value Description
machineOrUser Use computer-only credentials or user-only credentials. When a user is logged on, the user’s credentials are used for authentication. When no user is logged on, computer-only credentials are used for authentication.
machine Use computer-only credentials.
user Use user-only credentials.
guest Use guest-only credentials.

For more information about the authMode (OneX) element, visit the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/ms706279.aspx (http://msdn2.microsoft.com/en-us/library/ms706279.aspx)

For more information about new networking features in Windows Server 2008 and in Windows Vista, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/library/bb726965.aspx (http://technet.microsoft.com/en-us/library/bb726965.aspx)

APPLIES TO
• Windows Vista Ultimate
• Windows Vista Enterprise
• Windows Vista Business
• Windows Vista Home Basic
• Windows Vista Home Premium
• Windows Vista Starter
• Windows Vista Ultimate 64-bit Edition
• Windows Vista Enterprise 64-bit Edition
• Windows Vista Business 64-bit Edition
• Windows Vista Home Premium 64-bit Edition
• Windows Vista Home Basic 64-bit Edition
• Windows Server 2008 Datacenter without Hyper-V
• Windows Server 2008 Enterprise without Hyper-V
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Standard without Hyper-V
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard
• Windows Web Server 2008

Back to the top

Keywords: 
kbnetwork kbinfo kbhowto kbexpertiseinter KB929847

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image