WPA Enterprise – Server Setup

So it has been a little over three months since I last posted, and having left off before starting to explain a simple WPA Enterprise implementation, I will now continue.

I’ll assume you already have a Domain Controller set up with a Certification Authority and Internet Authentication Service (IAS), since those are the key pieces for authenticating our users and computers.

So, let’s start with setting up our AD. We’ll create two security groups, one for authenticating computers, and another for authenticating users against the wireless network. We can add our Computer objects and User objects from AD to the respective groups.


Next, we’ll configure IAS Policies. Open the Internet Authentication Service console, then right-click on Remote Access Policies and click on New Remote Policy.

We can use the Wizard, as it asks the right questions to get this working quickly.

  • Name the policy as Wireless Users, and click Next.
  • Click on Wireless and Next.
  • Select Group and then click Add. Browse for the group we created for Wireless Users in AD, then click Next.
  • Select the EAP type for the policy as Protected EAP (PEAP).
  • Finish the wizard.


Repeat the steps above, but this time, create a policy for authenticating the computers instead of users. After that is done, we’ve got the IAS policies in place that’ll allow domain users to use the wireless network.
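To show how the two policies built above decide an incoming request, here is a simplified Python model, added as an illustration (it is not part of the original post and not IAS's own code). It assumes IAS's ordered, first-match policy evaluation with rejection when nothing matches, ignores per-account dial-in settings, and uses hypothetical names: the `EXAMPLE` domain and a `Wireless Computers` group and policy.

```python
"""Simplified model of how IAS picks a remote access policy (added example)."""
from dataclasses import dataclass

# RADIUS NAS-Port-Type values: 18 = Wireless-Other, 19 = Wireless-IEEE 802.11
WIRELESS = frozenset({18, 19})

@dataclass(frozen=True)
class Policy:
    name: str
    port_types: frozenset  # NAS-Port-Type condition ("Wireless" in the wizard)
    group: str             # Windows-Groups condition ("Group" in the wizard)
    eap_type: str          # EAP type the policy allows

    def matches(self, req):
        return req["nas_port_type"] in self.port_types and self.group in req["groups"]

# Hypothetical names: EXAMPLE domain and the "Wireless Computers" group/policy.
POLICIES = [
    Policy("Wireless Users", WIRELESS, r"EXAMPLE\Wireless Users", "PEAP"),
    Policy("Wireless Computers", WIRELESS, r"EXAMPLE\Wireless Computers", "PEAP"),
]

def evaluate(req, policies=POLICIES):
    """Return (decision, policy_name). The first policy whose conditions all
    match decides the outcome; a request matching no policy is rejected."""
    for policy in policies:
        if not policy.matches(req):
            continue
        if req["eap_type"] != policy.eap_type:
            return ("reject", policy.name)  # matched, but wrong EAP method
        return ("accept", policy.name)
    return ("reject", None)                 # default: no matching policy

# Constructed sample requests (not captured traffic). Port type 15 = Ethernet.
SAMPLES = [
    {"who": "alice", "nas_port_type": 19, "eap_type": "PEAP",
     "groups": {r"EXAMPLE\Domain Users", r"EXAMPLE\Wireless Users"}},
    {"who": "LAPTOP01$", "nas_port_type": 19, "eap_type": "PEAP",
     "groups": {r"EXAMPLE\Domain Computers", r"EXAMPLE\Wireless Computers"}},
    {"who": "bob", "nas_port_type": 19, "eap_type": "PEAP",
     "groups": {r"EXAMPLE\Domain Users"}},
    {"who": "alice-wired", "nas_port_type": 15, "eap_type": "PEAP",
     "groups": {r"EXAMPLE\Wireless Users"}},
    {"who": "alice-md5", "nas_port_type": 19, "eap_type": "MD5-Challenge",
     "groups": {r"EXAMPLE\Wireless Users"}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["who"], evaluate(sample))
```

The third sample is the case worth checking after the wizard finishes: a valid domain account that is not in either wireless group must be rejected.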

In my next post, we’ll need to set up an association, then configure our AP, and then use Group Policy to our advantage: automate the deployment of our root certificate and wireless access.

By the time we’re done with all the steps our users will have wireless access as soon as the computer joins the domain and you authorize them. No keys!!!!

2 thoughts on “WPA Enterprise – Server Setup”

  1. Hey Gonzo,

    THANKS A LOT!!! YOU LEFT ME HANGING, AND I’M TRYING TO SET UP OUR NEW AP AND RANDY IS NO HELP!!!! FINISH THE BLOG!!!! LOSER!!!!
