We are using PEAP, TKIP and IAS to authenticate against Active Directory.
Some computers are authenticating on our Wireless network ("Authenticate as computer when computer information is available" checkbox cheked).
What could be security issues ? What can "do" a computer authenticated on our wireless network before the user enter his credential ?
How can we avoid that our users check that checkbox ? Any way to avoid that computer authenticate ?

Thanks
(please reply to my email if possible)
Jean-Christophe

That's a *good* thing, you don't want to disable it!

By having the computer authenticate using its machine account, the computer
will process machine group policies, startup scripts, software installation
settings, software restriction policies -- all the same things that wired
computers do when then they authenticate to the domain.

This is the beauty of 802.1X (whether EAP-TLS or PEAP): wired and wireless
logons behave exactly the same.

Steve
(E-Mail Removed)



"Jean-Christophe" <(E-Mail Removed)> wrote in message
news:06DC6E4D-3B59-45B7-97BF-(E-Mail Removed)...
> We are using PEAP, TKIP and IAS to authenticate against Active Directory.
> Some computers are authenticating on our Wireless network ("Authenticate
> as computer when computer information is available" checkbox cheked).
> What could be security issues ? What can "do" a computer authenticated on
> our wireless network before the user enter his credential ?
> How can we avoid that our users check that checkbox ? Any way to avoid
> that computer authenticate ?
>
> Thanks
> (please reply to my email if possible)
> Jean-Christophe

That's a *good* thing, you don't want to disable it!

By having the computer authenticate using its machine account, the computer
will process machine group policies, startup scripts, software installation
settings, software restriction policies -- all the same things that wired
computers do when then they authenticate to the domain.

This is the beauty of 802.1X (whether EAP-TLS or PEAP): wired and wireless
logons behave exactly the same.

Steve
(E-Mail Removed)



"Jean-Christophe" <(E-Mail Removed)> wrote in message
news:06DC6E4D-3B59-45B7-97BF-(E-Mail Removed)...
> We are using PEAP, TKIP and IAS to authenticate against Active Directory.
> Some computers are authenticating on our Wireless network ("Authenticate
> as computer when computer information is available" checkbox cheked).
> What could be security issues ? What can "do" a computer authenticated on
> our wireless network before the user enter his credential ?
> How can we avoid that our users check that checkbox ? Any way to avoid
> that computer authenticate ?
>
> Thanks
> (please reply to my email if possible)
> Jean-Christophe