User's Manual

ManualsBrandsCisco Systems ManualsComputers & Accessories802.11 a/g Cardbus Adapter

111

112

113

114

115

116

117

118

119

120

5-44

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-05

Chapter 5 Configuring the Client Adapter

Setting Security Parameters

Step 16 If you want to change the value of the Group Policy Delay parameter, enter a new value or use the up

and down arrows to select a value between 0 and 65535 seconds. (Microsoft supports only values

between 30 and 600 seconds. The default value is 60 seconds.)

The Group Policy Delay parameter specifies how much time elapses before the Windows logon process

starts Group Policy, a Windows feature used by administrators to specify configuration options for

groups of users. The objective is to delay the start of Group Policy until wireless network authentication

occurs. The value that you set for this parameter goes into effect after the computer reboots with this

profile set as the active profile.

Note A Microsoft hot fix is required in order to use this parameter on computers running Windows

2000. Refer to the “Installing a Microsoft Hot Fix for Group Policy Delay” on page 3-21 for

information on obtaining and installing the hot fix.

Step 17 Click OK to save your settings and return to the Cisco Aironet Desktop Utility (Profile Management)

window.

Step 18 Refer to Chapter 6 for instructions on authenticating using EAP-FAST.

Enabling EAP-TLS or PEAP

Before you can enable EAP-TLS or PEAP authentication, your network devices must meet the following

requirements:

• You must have a valid Windows username and password, and the password cannot be blank.

• The appropriate certificates must be installed on your computer. EAP-TLS requires both a

Certificate Authority (CA) certificate and a user certificate while PEAP requires only a CA

certificate.

Note Contact your system administrator if you need help obtaining and importing the necessary

certificates.

• To support EAP-TLS machine authentication with machine credentials:

–

A machine certificate must be obtained from the server, and client machine access must be

enabled on the server.

–

Permissions for the MachineKeys folder, which stores the certificate pair keys for both the

computer and users, must be set correctly. Refer to Microsoft knowledgebase article Q278381

for information on correctly setting up folder permissions:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q278381

Note If you ever change permissions on higher-level directories and those settings are applied

to all subdirectories, you may need to reset the permissions for the MachineKeys folder.