Server 2016 || Create Wireless Policy to Automatically Connect Laptops

Video Statistics and Information

Captions
[Music] Welcome to IT Assist. In this video I'm going to be showing you how to create a wireless GPO policy that will connect your domain laptops to the wireless network automatically. To get this working you are going to need a few things: you're going to need a domain controller, you're going to need a wireless access point, you're going to need a working network, and of course you're going to need a client to connect. So if you're ready, let's go ahead and get started.

In my scenario I'm using Server 2016. This should work on 2012 R2, 2012 and 2008 R2. First thing you want to do is install a couple of roles, so we're going to open up the Server Manager and we're going to install the certificate authority service. We're going to add all the default features, include management tools, then just hit next, next. We're just going to use Certificate Authority, and we're going to install. So wait for this to finish and then come on back.

Okay, it looks like the role has been installed. We can go ahead and close this window. You should see a notification up here, and you'll see Post-deployment Configuration, so we're going to go ahead and click that so we can finish configuring our certificate authority server. Let's go ahead and use the credentials that we're already logged in with. This is just the administrator account; just make sure that this is a domain admin that you're using to authenticate the certificate authority. We're just going to choose Certificate Authority. We're going to use Enterprise CA. This is going to be a root certificate authority. We're going to create a new private key, and we'll just leave the defaults; that looks fine. We'll just leave all the same. We'll just leave that default also. So once we're done we'll hit configure, and we're done.

The next thing we have to do is add a network policy server, and what this is going to do is it's going to be used to authenticate our computers and users using RADIUS. What we're going to want out of this list is down here; it says Network Policy and Access Services. We're going to restart if we have to, and then click install, and then we're going to wait for this to finish. All right, now that the Network Policy and Access Services have been installed without a reboot, we can just hit close.

So now that we have our roles installed we can go ahead and start configuration. Where I like to start is setting up the wireless access point exactly the way you want it. After you log into your wireless access point, we are going to change some wireless configuration. You're going to want to go to the wireless security part of your access point's configuration. In my case that's at the bottom here. You can see I've got my security set to WPA2 TKIP and my WPA authentication is EAP. This is important because it changes my wireless access security from WPA Personal to WPA Enterprise, and you're probably going to see Enterprise in your scenario. For the auth server IP, it's asking for the RADIUS server, or where the RADIUS server is going to be, and in our situation it's going to be the domain controller. Our domain controller is 192.168.1.2, so for our wireless access point that's the authentication server IP, and the port is set by default to 1812; go ahead and leave that. And the authentication server secret, you can choose whatever one you'd like; I just chose something simple: pass one two three four five. Everything else looks good.

I should also make special note that before I changed my authentication to WPA2 Enterprise I had it in WPA2 Personal, and this was a working access point, which means wireless devices such as phones and laptops could connect with no problems and get on the internet. If you're having any issues, at first get it set up to be a working wireless access point and then you can change the authentication. We want to notice my SSID; it's secure wireless. This is going to be important later on. Everything else we don't have to worry about for our configuration or our group policy. If you're done with that, go ahead and save your changes to your wireless access point and then we will move on.

So before we get to configuring the RADIUS server, I'm going to show you just a little bit about the Active Directory environment I have set up. You can see I'm on test.local. I have a test organizational unit and a laptop OU, and in it I have my test laptop that I'm going to be connecting to this wireless access policy. You'll see that I created a security group called Wi-Fi, and of course I've got the test user that's going to be used to log into this account so we can do our test. So just a very simple setup; this is all you really need.

What I'd like to do next is set up the RADIUS server. This is going to handle the authentication. So if you just open up our Start menu, we go to Windows Administrative Tools, then we're going to go ahead and open Network Policy Server. As you can see, the network policy server has not been configured; it's just kind of a blank slate for us. There's a few things that have automatically been created, but what we're interested in is going to the NPS (Local). I'm going to right-click it. You want to register the server in Active Directory; that gives the server the authority to honor requests for authentication. It should be grayed out; that means you know that you did it right.

What we're concerned about right now is setting up a RADIUS client, and the RADIUS client is going to be the access point. So let's go ahead and right-click on RADIUS Clients. We're going to do New, and we're going to make sure it's enabled. Just give it a friendly name. We're going to enter in the IP. Now, if you want to do it by DNS name, you can enter the DNS name here and then hit verify, and it will make sure it gets the right IP. Now down here we're going to enter the shared secret. This is the one that we entered into the access point. If I click generate it will actually show me what I just entered. You can generate a random key if you click the generate button, but we're just going to leave this on manual, since this is what we entered into our access point; you want to keep it the same. Under Advanced we're just going to make sure it says RADIUS Standard. We're going to hit OK, and now we've created our first RADIUS client, which is the access point.

Now the next thing we have to do is create a connection policy. So just to recap really fast: the RADIUS client is what device is going to be connecting, that would be the access point of course, and now the policy has to be defined to let us know who is actually allowed to connect. If you go to the connection request policies, as you see there's a default one in there. You can just leave that one. What we're going to do is create our own, so right-click, go to New, and I'm just going to name this one secure wireless connections. We're going to leave the type as unspecified. Hit next. Now we're going to be adding a condition. We're going to scroll down till we see NAS port type. You have to identify the NAS port type that we're going to be using. We're going to be using, of course, wireless or wireless other, and the wireless other is at the bottom of this list if you just pull this slider down. Hit OK, and now we've created our condition. Hit next. We're going to choose authenticate requests on this server, and we are not going to override the network policy authentication settings. These settings we can just leave default, and then we're going to finish. The other thing I want to do now: I actually want to move this up so this policy becomes number one in the processing order. Now you have a secure wireless connections policy. Basically what this policy does is allow wireless computers or wireless laptops to request authentication.

After we're done creating the secure wireless connections connection request policy, we need to create a network policy. We're just going to right-click and choose New like we did before, and for this policy name I am also going to name it secure wireless connection. Once again the type of network access server is unspecified. Next, and under the specified conditions we're going to go ahead and click Add and choose Windows Groups, and add a group, and this is the Wi-Fi group that I showed you earlier in Active Directory security groups. Hit OK. We're going to add one more condition. We're going to add the same condition that we added last time, which is Wireless - Other and Wireless - IEEE 802.11. OK. We're going to grant access, of course. Next, and it's going to say, OK, what kind of authentication are we going to allow? Choose EAP. We don't have to add any other additional ones with the Add button, but we do want to leave these four checkboxes checked. We'll hit next. Here we can set idle timeout, session timeout, day and time restriction, and for the NAS port type we actually don't have to specify here because we did that with the other policy. So we'll hit next, and we can leave all these on default; no changes need to be made here. Let's hit next and we can hit finish. Once again, I like this policy to be number one in the processing order, so I'm just going to move it up until it's in the number one position. So we are done configuring the RADIUS server.

Let's go ahead and look at Active Directory really fast. We have a laptop, and if you look at Member Of, it's already a member of the Wi-Fi group. If it's not, you can just hit add and choose your Wi-Fi group. I'm also authenticating a user, and he is in the Wi-Fi group. So Active Directory is all set.

The last thing we have to do is actually create the group policy. We just go to Administrative Tools; since this is the domain controller, it already has Group Policy Management installed. So here's our Group Policy Management, and of course we have the test OU, and this is where the laptop is, and right now we have no policy applied. So let's go ahead and create one. We're going to right-click, Create a GPO in this domain, and Link it here. Let's just name this Wi-Fi. Right-click it, go to Edit. Under Computer Configuration go to Policies, Windows Settings, and we're going to go to Security Settings. We have Wireless Network Policies, so if we right-click, we're going to Create a New Wireless Network Policy for Windows Vista and Later Releases. I'm just going to name this test wireless network. You can add a description here if you'd like. Make sure this check box is marked, and now it's time to add a profile. We're going to click Add, Infrastructure. Now let's name the profile; I'm just going to name it test. Now it's time to add the SSID that was in our wireless access point. Our SSID is secure wireless. It's important to type it exactly how it is in your wireless access point, including capitals or spaces or any other special characters. Once we have this typed exactly how it is in the AP, we're going to add. Leave these two check boxes marked.

I'm going to click on the Security tab. Under authentication we're going to use WPA2, and for the encryption, if you remember, this is TKIP. We are using EAP for the authentication method in the access point. We're going to do one more thing with that: click Properties, and we're going to scroll all the way down and we're going to find our certificate authority that we just installed. I'm actually going to check all of them; sometimes it shows up more than once in this list. These are the only ones we have to check. We can leave the rest of these on the default. We're going to hit OK.

Under the authentication mode I like to leave this on user or computer, and this is the reason that we added both the user and the computer to the Wi-Fi group. Here's why: when we click Advanced we have an option called single sign-on. If I check this, what it'll do, if it's a domain computer, is it will already look for the wireless access point it can connect to, and then any user, even if they have never logged into the laptop before, can go ahead and log in. So that's why I like to add the computer to the authentication group also. For now I'm just going to uncheck that; we don't really need that in our situation. The reason I do the user is because sometimes people have to connect to the access point that are not connecting from a domain computer, so like your Android phone, or if you have a non-domain laptop and you still want to use this Wi-Fi network. Well, you're going to have to authenticate with a username and a password that's been given access, so somebody that's in the Wi-Fi group. So that's why I leave user and computer authentication on, both of those. Once this is done, hit OK and hit OK.

Once the wireless policy has been created there's one last change to make in this group policy. Click on Public Key Policies. We're going to change the properties of all three of these at the bottom. Open the properties, change this to enabled, check these two boxes and press OK. Open properties on the next one, define these policy settings, include both checkboxes, and for the final change we enable this and press OK. Basically, as long as you put the laptop in this organizational unit in Active Directory, and as long as it's in this group that we created, it should connect automatically.

Now let's open up the firewall port on the server. Search for and open Windows Firewall with Advanced Security. Under Inbound Rules we're going to make a new rule. Rule type is port, TCP port 1812, the same one specified in the access point. Allow it on domain networks only. Now let's create an identical outbound rule, and you're done with the firewall.

There's one last thing you have to do in order for this to work: you have to connect to the wired network in order to get the group policy, so let's go ahead and do that now. So now here we are on a domain-joined laptop. As you can see, I'm connected to the wired network, and the reason is because I need to get this new group policy that we just created so that my laptop will connect to the wireless. We're just going to open up a command prompt and type gpupdate, and the policy should be updated. It looks like the user and the computer policy have both completed successfully. So now let's go ahead and turn on the Wi-Fi and see if we automatically connect. I'm going to turn on this wireless adapter that I turned off before. Let's see what happens. As you can see, we are connected to the test network. This is the name of the profile that we created earlier. Now we're connected as a domain laptop, and it will automatically connect whenever the network's in range. You no longer have to give anyone the pre-shared key for your wireless password, and if you want anyone that doesn't have a domain computer to connect, you just have to set them up with a user account in Active Directory, add them to the Wi-Fi user group, and they'll be able to connect with their Android or non-domain computer.

I hope this video helped you guys, and if it did, please leave a like below, share and subscribe if you would be so kind. And if you're still having problems, then continue to watch this video, because what I'm going to do for all of you is, I took screenshots of every single part of my configuration, even the menus that I didn't show you in this video. So I want you to look at the screenshots of the entire setup and compare it with your settings. Now, if it's working for you, great, you can stop watching this video now; I really appreciate it. But for those of you still having problems, continue to watch and look at all my settings, so it might help you. Thanks guys, and we'll see you next time. [Music]
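The server-side steps from the walkthrough above, scripted in PowerShell as an added example that is not part of the video. The access point address, friendly name and firewall rule name are placeholders; the script generates a random shared secret instead of a typed one, and opens UDP 1812 because RADIUS authentication listens on UDP. The connection request policy, network policy and wireless GPO are still created in the consoles as described.

```powershell
# Added example, not from the video. Run elevated on the server that will host
# the CA and NPS roles (the domain controller in the walkthrough), signed in
# as a domain admin.
# ASSUMPTION: placeholder values below; replace with your own.
$ApAddress = '192.0.2.10'            # access point IP (placeholder)
$ApName    = 'Secure-Wireless-AP'    # friendly name for the RADIUS client
$RuleName  = 'RADIUS authentication (UDP 1812) from AP'

# 1. Install the two roles used in the walkthrough, with management tools,
#    and configure the CA as an enterprise root CA with default settings.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -Force
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# 2. Register the NPS server in Active Directory (same as the right-click
#    "Register server in Active Directory" action in the NPS console).
netsh nps add registeredserver

# 3. Generate a 32-byte random shared secret. Some access points restrict
#    length or characters; adjust if yours rejects the Base64 string.
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$SharedSecret = [Convert]::ToBase64String($bytes)

# 4. Create the RADIUS client entry for the access point.
New-NpsRadiusClient -Name $ApName -Address $ApAddress `
    -SharedSecret $SharedSecret -VendorName 'RADIUS Standard'

# 5. Allow RADIUS authentication traffic on the domain profile only, limited
#    to the access point's address. Skipped if the rule already exists.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol UDP -LocalPort 1812 -RemoteAddress $ApAddress `
        -Profile Domain -Action Allow
}

# 6. Show the secret once so it can be entered on the access point.
Write-Host "Enter this shared secret on the access point: $SharedSecret"
```

After the GPO is linked, run `gpupdate /force` on the wired laptop to pull the wireless profile, as in the video.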
Info
Channel: IT Assist
Views: 22,633
Keywords: Server 2016, Wireless, Group Policy, Connect, Automatically, GPO, RADIUS, Active Directory, Access Point
Id: -wY_52F5S9E
Length: 24min 59sec (1499 seconds)
Published: Tue Apr 25 2017