Wilson, First, thanks for the suggestion. When I started spent a long time looking at non-Microsoft solutions, because I wanted to avoid updating about 100 laptops from W2K to XP-SP2, but I discarded most of them a long time ago, for a number of reasons.
Firstly having already being bitten by 3-COM withdrawing support for their TLS security means that a Vendor solution is not really acceptable, which did not leave much at all. Secondly, as far as I can tell non of them can use the machine credentials to authenticate, so the machine is not on the network until a user logs on. This means policies don't get applied and logon scripts don't run. Then when the user does log on, they don't use the existing credentials, the user needs to re-enter their password to authenticate with the Radius server. (The network teap specified PEAP with Domain Credentials using existing radius servers.) On top of that whilst a large percentage of the systems are IBM we also have a number of non-IBM machines Compaq and Toshiba for example. We also have a large number of IBMs with 3-COM cards (bought to work with our previous security system) which the IBM Software does not manage. I did check out the 3com software and on Windows/XP I could not even get it to work with PEAP and MS-CHAPV2 as specified by the network Team so reverted to the Wireless Zero Config..... Dave. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of wilson chang Sent: 12 September 2006 20:57 To: [email protected] Subject: Re: [ActiveDir] Locking Down Wireless Dave, Are you averse to a non-Microsoft approach? I ask because depending on the make/model of your laptop and/or wireless card, there may be other options. For example, ThinkPads come with the Access Connection Manager - an applet that controls a great many detailed configuration settings pertaining to both wired & wireless connections. Specifically, there's an option to only allow Administrators to change settings. Once a connection profile is setup, end users will only be offered those predefined sites and no others! Of course, if the users are local admin ... yada yada yada :-) I believe the Intel ProSet software package also includes similar functionality. There may be others, but these 2 are ones I've used before. Each one also has the ability to import/export the connection profiles, as to facilitate larger rollouts. Thanks, Wilson On 9/12/06, Dave Wade <[EMAIL PROTECTED]> wrote: > > Have I missed something in the "new" XPSP2 wireless configuration > stuff. As far as I can see you can't prevent users connecting to > non-preferred networks, even with Policy lockdown. Even if you hide > the networks page on the adaptor, when the user is in a location where > this no network, the connection wizard still pops up. Any one any solution to this? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. As a public body, the Council may be required to disclose this email, or any response to it, under the Freedom of Information Act 2000, unless the information in it is covered by one of the exemptions in the Act. If you receive this email in error please notify Stockport e-Services via [EMAIL PROTECTED] and then permanently remove it from your system. Thank you. http://www.stockport.gov.uk ********************************************************************** List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
