Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, May 29, 2019 1:20 PM
We have an issue with our predefined wireless profile on Win 10 (version 1809, build 17763.504). This profile worked fine in Win 7 and was defined through Group Policy (Computer Configuration - Policies - Windows Settings - Security Settings - Wireless Network (IEEE 802.11) Policies). It is set to connect automatically and uses a machine cert for authentication. I have confirmed that the cert is installed on the machine.
On the Win 10 machine, as long as the logged on domain user account is a member of the local Administrators group on the computer, we can connect to this wireless network. For a standard user, one that is NOT a member of the local Administrators group, we can not connect. I can click on the Connect button and immediately after "Checking network requirements" it returns a message of "Can't connect to this network".
If the domain user account has local admin privileges, the connection initially shows an "Action needed" message. When I click on Connect, it will connect and then opens IE to the MSN website. After that, all is well. We can browse the web and our network.
What we want is the wireless profile to auto-connect for all domain users and to NOT open any browser. Any ideas on why this now requires local admin access?
All replies (7)
Thursday, June 6, 2019 12:02 PM âś…Answered
The short answer is this has been resolved.
The long answer is there are two policies required in our environment. The first is defined above to create the profile. The second is defined in Windows Settings-Security Settings-Public Key Policies-Trusted Root Certification Authorities. Basically, the certs were getting to the machine which allowed the attempt to connect to the wireless profile. However, authentication wasn't happening because the client didn't recognize our own root CA as one that was trusted. Once that was put in place, the client was able to use the certs delivered by our domain PKI policy.
Friday, May 31, 2019 6:24 AM
Hello,
To better understand our question, please confirm the following information:
- Whether we link the GPO to domain or OU?
- If we link the GPO to one OU, are Win 7 and Win 10 in the same OU?
- Or if the Win 7 and Win 10 are in different OUs and we link the same GPO into the OUs?
Meanwhile, we can check if we deploy and configure it correctly according to Wireless Access Deployment.
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, June 3, 2019 7:07 AM
Hi,
If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, June 3, 2019 12:54 PM
Thank you for responding.
The policies are linked to the OU. We have separate OUs for Win 7 and Win 10. We are trying to create new policies for Win 10 for a host of reasons otherwise I'd just stick the Win 10 machines into the old OU and call it a day.
The policies that applied to the Win 7 machines were written some time ago and all individual policies are grouped into one gigantic GPO. I would like very much to know in what areas to look so as to narrow down the list of possibilities to carry over to the newly created Win 10 policies.
I hope this makes sense.
Tuesday, June 4, 2019 9:26 AM
Hi,
Do we link the same GPO with Wireless Network (IEEE 802.11) to the following OU?
Computer Configuration -> Policies -> Windows Settings -> Security Settings - Wireless Network (IEEE 802.11)
OU with Win 7 machines
OU with Win10 machines
If so, we can logons Win 10 client with standard user, then try to connect the Wireless Network, if it fails, we check the error message related to "Can't connect to this network" in Event Viewer.
We can provide the Event message.
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, June 6, 2019 8:27 AM
Hi,
I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, June 10, 2019 7:16 AM
Hi,
Thank you for your update and sharing. I am so glad that the problem has been resolved.
As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!
Have a nice day!
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].