cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
339
Views
0
Helpful
5
Replies

Aironet client and GPO in Windows 2000

kernalx69
Level 1
Level 1

Hi

I trying to make policy work under windows 2000.

I downloaded the latest version 2.6 of aironet client driver for CB21AG and PI21AG but it still doesn't work.

In the release notes it says that there is a hotfix for delaying the policy and there is a link to the file but it the file doesn't exist.

The link is:

http://www.cisco.com/pcgi-bin/tablebuild.pl/aironet_hotfix

Where can i find it ?

5 Replies 5

mchin345
Level 6
Level 6

What security opiton are you using. The GPO does not work with LEAP authentication. Try using PEAP authentication it should work.

I am using PEAP.

But i can't make GPO work with either 2000 or XP.

Manual GPO update works (Gpupdate).

Wired connection works well to.

I have tried several policy options that should help but it doesn't.

I am having similar problems. I'm using WPA/WPA2 and PEAP with Machine Auth before login. I'm playing around with different options and "Group Policy Delay" times. If anyone is using WPA+PEAP and is having GPOs apply successfully upon boot, I would appreciate some guidance.

thanks!

I have the same configuration.

I have tried this:

Changing Policy "Group Policy slow link detection" but it did not help.

I have also tried Policy "Always wait for the network at computer startup and logon" but it did not help either.

And many other possible and not possible solutions.

If i do a manual update (Gpupdate) it works perfectly.

It's just at the logon time the GPO not works.

Okay. I've found a solution to the Group Policy problems I was having, but it's a little lengthy. I found some of the answers by searching though netpro security posts since half of the battle lies in a correct ACS configuration (or whatever flavor of RADIUS you're using).

To start off, I didn't have an external database mapping for my Domain Computers. I'm using PEAP & WPA2 and "Computer Authentication" was enabled for PEAP in the ACS server, but it still didn't work correctly until I mapped the "Domain Computers" account to an ACS group with access to the SSIDs in question. Moving along...

All my devices were using the Cisco CB21AG cards. The thing I really got stuck on was using the Cisco suupplicant vs. Windows XP zero-config. In my experience, Group Policy DOES NOT WORK with the Cisco supplicant. I uninstalled it and just installed the card driver, set everything back up correctly and enabled computer authentication. Use group policy or local policy to enable the "Always wait for the network at computer startup and logon" (Computer Config->Admin Templates->Logon). This fixed the majority of the problems, but there is still one major step. This is somewhat dependent on PC/network card, but if the card is not initialized within 10 (?) seconds of Windows XP booting, computer group policy will not come down, which include software installation settings. Edit or create the following registry key of type DWORD:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

Set it somewhere between 30 to 60, decimal. This is he timeout in seconds that windows will wait for the network to come up before pulling down computer group policy. You may also find this key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, but Windows will always use the above key if it exists.

Whew! I hope someone finds this useful because it took me a LONG time to put all the pieces together.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: