Wireless networks make it possible for network users to access data and resources from multiple locations without relying on a physical connection to the network. The large number and variety of wireless clients and the potential security risks that they pose make it important for administrators to enhance data protection and to prevent unwanted clients from accessing the network. Certificates issued and supported by a Microsoft certification authority (CA) can enhance the security of a wireless network with strong certificate-based authentication and encrypted communication between clients and network servers.

| Task | Reference |
| --- | --- |
| Set up additional subordinate CAs. (Optional) | Install a Subordinate Certification Authority |
| Install and configure certificate templates, including the RAS and IAS Server, Workstation Authentication, and User certificate templates. | Managing Certificate Templates (http://go.microsoft.com/fwlink/?LinkId=142230) |
| Configure certificate enrollment. | Set Up Automatic Certificate Enrollment (http://go.microsoft.com/fwlink/?LinkId=142235) |
| Deploy RAS and IAS Server certificates. | Deploy a CA and NPS Server Certificate (http://go.microsoft.com/fwlink/?LinkID=141788) |
| Configure 802.1X wireless clients by using Group Policy. | Configure 802.1X Wireless Clients Running Windows Vista with Group Policy (http://go.microsoft.com/fwlink/?LinkId=141790) |
| Configure 802.1X wireless access points as Remote Authentication Dial-In User Service (RADIUS) clients in Network Policy Server (NPS). | Add a New RADIUS Client (http://go.microsoft.com/fwlink/?LinkId=141791) |
| If you want to perform authorization by group, create a user group in Active Directory Domain Services (AD DS) that contains the users who are allowed to access the network through the wireless access points. | Create a Group for a Network Policy (http://go.microsoft.com/fwlink/?LinkId=141794) |
| In NPS, configure one or more network policies for 802.1X wireless access. | Add a Network Policy (http://go.microsoft.com/fwlink/?LinkId=141792); Create Policies for 802.1X Wired or Wireless with a Wizard (http://go.microsoft.com/fwlink/?LinkId=141793) |