This checklist provides the tasks required to deploy 802.1X wireless access points with Network Policy Server (NPS).

Task Reference

Install and configure 802.1X wireless access points on your network.

RADIUS Server for 802.1X Wireless or Wired Connections and your hardware documentation

Determine the authentication method you want to use.

RADIUS Server for 802.1X Wireless or Wired Connections; Certificate Requirements for PEAP and EAP; EAP Overview; PEAP Overview; and your hardware documentation

Autoenroll a server certificate to servers running NPS or purchase a server certificate.

Deploy a CA and NPS Server Certificate and Obtaining and Installing a VeriSign WLAN Server Certificate for PEAP-MS-CHAP v2 Wireless Authentication on the Microsoft Download Center at

If you are using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS) without smart cards, autoenroll client or computer certificates to domain member client computers.

Deploy Client Computer Certificates and Deploy User Certificates

Configure 802.1X wireless access clients by using the Group Policy Management extension, Wireless Network (IEEE 802.11) Policies.

Configure 802.1X Wireless Access Clients by using Group Policy Management

Configure 802.1X wireless access points as Remote Authentication Dial-In User Service (RADIUS) clients in NPS.

Add a New RADIUS Client and RADIUS Client

Create a user group in Active Directory® Domain Services (AD DS) that contains the users who are allowed to access the network through the wireless access points.

Create a Group for a Network Policy

In NPS, configure one or more network policies for 802.1X wireless access.

Add a Network Policy; Create policies for 802.1X Wired or Wireless with a Wizard; and Network Policies