Wireless networking has slowly begun its acceleration
into becoming a must-have solution. It is the single fastest growing
network service within every enterprise network next to unified
communications. The days of using security as the excuse not to
implement a wireless network are dwindling. This is not to say that
security has ceased to be the main objection. On the contrary, wireless
network security remains the single largest obstacle to implementing a
wireless network.
Without going into detail on
802.11 wireless standards, the following sections discuss the basics
necessary for implementing mobile desktops using a wireless connection.
Once again, though, Windows Vista has made it exceedingly easy to
configure new wireless connections.
This discussion
of wireless connectivity focuses only on 802.11 wireless connections.
Although Windows Vista supports other types of wireless services such as
Bluetooth Personal Area Network (PAN) and Infrared (Ir) connectivity, these services are used primarily for connecting mobile devices
to the computer. Here, the concern is setting up wireless communication
between network devices to form a wireless local area network.
802.11 Wireless Standards
Windows Vista supports the
latest 802.11 standards. This section provides a quick review of the
802.11 wireless standards related to WLAN connectivity. These Wi-Fi (802.11) standards are outlined in Table 1.
Table 1. 802.11 Wireless Standards and Descriptions
802.11 Standard | Description |
---|---|
802.11a | Wireless standard using portions of the 5GHz frequency with maximum connectivity speeds up to 54Mb/s |
802.11b | Wireless standard using the 2.4GHz frequency with maximum connectivity speeds up to 11Mb/s |
802.11g | Wireless standard also using the 2.4GHz frequency with maximum connectivity speeds up to 54Mb/s |
802.11n | Wireless draft standard with a theoretical maximum speed up to 250Mb/s+. Current 802.11n drafts support both the 2.4GHz and 5GHz frequencies. Allows support for longer distances than 802.11a/b/g while also being compatible with 802.11a/b/g devices. |
Caution
802.11n Still a Work in Progress
As of August 2007, 802.11n was still going through another draft stage.
Windows Vista even had trouble recognizing the radio type (802.11a/b/g
or 802.11n). 802.11n networks appeared as an 802.11g radio type in some
dialog boxes. Search Microsoft’s website for article ID KB935279. The
recently released Windows Vista SP1 addressed most of these issues.
Please view this article for further details:
technet2.microsoft.com/WindowsVista/en/library/005f921e-f706-401e-abb5-eec42ea0a03e1033.mspx.
The 802.11n draft standard
may have more changes to come. Tread slowly here before taking the
plunge with any one vendor’s product. More than likely, you will be
locked into that vendor even when the standard does arrive. Some experts
estimate that ratification for 802.11n will not come sooner than the
last quarter of 2008 or early 2009.
Wireless Basics
To create a wireless
connection from a Windows Vista desktop, you typically start by
selecting the notification window in the system tray that states
wireless networks have been discovered. Wireless networks use a Service
Set Identifier (SSID) to uniquely name the wireless network. Windows
Vista uses the SSID as the network name. Wireless access points have the
ability to turn broadcasting on or off for the SSID.
There are two modes of wireless connections: infrastructure mode
and ad hoc mode. An infrastructure mode connection involves connecting
to an access point (AP) that has connections to wireless stations as
well as a wired network. This is also referred to as a Basic Service Set
(BSS). Ad hoc mode
involves wireless devices connecting directly to one another without
the use of an AP. Infrastructure mode is the mode most commonly employed
in enterprise networks.
Connecting to a
wireless network is a wizard-driven process. This process is described
in more detail later, but here’s the general idea. A new wireless
connection usually proceeds as follows:
1. You are given a list of discovered wireless networks to select and begin the connection process.
2. A wizard process begins that drives the configuration for the connection.
3. The wizard prompts you to type a password if the wireless network has employed some security protocol to protect data transmission and possibly network authentication to allow a connection to the wireless network.
4. You are connected to the wireless network, and the Network Location Awareness service begins its process of employing a network profile for the new connection. You may be prompted to select a network location for the connection profile.
Note
Wireless Discovery
If there appear to be more available networks to choose from when you
are selecting to connect to a network through the Connect to a Network
dialog box accessed from the network status icon in the system tray,
there are. Windows Vista, as opposed to previous wireless connectivity
implementations in Windows XP and Windows 2000, does not display
wireless networks that do not broadcast their Service Set Identifier
(SSID).
In Windows Vista,
wireless networks that are not broadcasting their SSID appear as Unnamed
Networks. Not broadcasting the SSID is not a true security method;
Windows Vista, like many other available tools, easily discovers the
presence of such networks.
Managing Wireless Connectivity in the Enterprise
Users within enterprise
environments often make incorrect choices when it comes to administering
their own network connections. Because the scenario described in the
preceding section is quite typical of how easy it is to create a
connection, it is left up to the IT desktop administrator to choose
between ease of use and security. Certain features present in Windows
Vista, such as the wizards used to automate the configuration of a
network connection, also make it easy for a user to connect to an
unsecure or possibly illegitimate wireless network. Unscrupulous
individuals prey on a user’s naiveté when deciding which available
network to use.
Because Windows Vista makes it
easy to connect and configure wired and wireless networks, Microsoft
created Group Policies to disable some of these wizards. Microsoft still uses this name
within the user interface (UI) of Windows Vista. Group Policy for the
computer has two policies that manage the use of Windows Connect Now.
Managing Windows Connect Now services through Group Policy allows you to
enable or disable the Windows Connect Now wizards.
Opening the Group Policy Object Editor (GPedit.msc)
on the local Windows Vista computer, you can locate two Group Policy
settings affecting two wizards that use Windows Connect Now services.
Group Policies to Manage the Windows Connect Now Wizards
To locate these Group Policy settings, follow these steps:
1. Click Start, type gpedit.msc in the Search bar, and open the MMC.
2. To find the Windows Connect Now policies, click Computer Configuration > Administrative Templates > Network > Windows Connect Now.
When
you use the preceding steps to drill down to the Windows Connect Now
policies, the first listed policy on the right is Prohibit Access of the
Windows Connect Now Wizards. Figure 1
shows these policies. Enabling this policy disables use of two of the
Windows Connect Now wizards. One of these wizards is the Add a Wireless
Device Wizard. You access this wizard by selecting Network from the Start menu. Figure 1 shows how to locate the Add a Wireless Device Wizard on the Network toolbar.
Figure 2
shows the location of the other Windows Connect Now Wizard affected by
the wireless Group Policy. You find the wizard named Set Up a Wireless
Router or Access Point by selecting the task option Set Up a Connection
or Network in the Network and Sharing Center.
You can make both of these wizards disappear by
enabling the Group Policy Prohibit Access of the Windows Connect Now
Wizards, as shown in Figure 3.
Caution
What Does It Mean to “Enable” a Disable Setting in a GPO?
Here is a friendly reminder about Group Policy settings. Setting a
policy that disables or prohibits access to a feature to Enabled makes
that feature unavailable for use. Setting that same policy to Disabled
actually ensures the availability of the feature.
The second Group Policy
setting affecting Windows Connect Now services is the policy
Configuration of Wireless Settings Using Windows Connect Now. Found in
the same place as the previous policy, this Group Policy affects all
Windows Connect Now services over all types of media. With this Group
Policy (see Figure 4),
you can disallow the local user the use of Windows Connect Now services
over Ethernet (UPnP), Windows Portable Device (WPD) API, and USB Flash
drives.
In
addition, if you disable the Group Policy Configuration of Wireless
Settings Using Windows Connect Now, you effectively disable all WCN
services. Leaving this policy at its default—the setting Not
Configured—allows the use of all WCN services.
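To check how the two policies described above are actually set on a machine, the following script is an added example and not part of the original text. It reads the computer-side policy registry values and reports the effective state, including the enabled/disabled inversion covered in the Caution. The registry key and value names are assumptions taken from the WindowsConnectNow.admx administrative template; confirm them against the template on the target build.

```powershell
# Added example, not from the original text. Reads the computer-side policy
# values behind the two Windows Connect Now (WCN) settings and reports what
# each one means in effect.
# Assumption: key and value names as in the WindowsConnectNow.admx template.
$WcnBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN'

function Get-PolicyValue([string]$Key, [string]$Name) {
    # Returns $null when the value is absent (policy Not Configured).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Resolve-State($Value, [string]$One, [string]$Zero, [string]$Unset) {
    if ($null -eq $Value) { $Unset } elseif ($Value -eq 1) { $One } else { $Zero }
}

function New-Row([string]$Setting, [string]$State) {
    New-Object PSObject -Property @{ Setting = $Setting; State = $State }
}

function Get-WcnPolicyState {
    # Prohibit policy: Enabled (1) removes the wizards, Disabled (0) keeps them.
    $ui = Get-PolicyValue "$WcnBase\UI" 'DisableWcnUi'
    $s = Resolve-State $ui 'Enabled: wizards hidden' 'Disabled: wizards available' 'Not Configured: wizards available'
    New-Row 'Prohibit Access of the Windows Connect Now Wizards' $s

    # Allow policy: Disabled (0) turns off every WCN service.
    $reg = "$WcnBase\Registrars"
    $all = Get-PolicyValue $reg 'EnableRegistrars'
    $s = Resolve-State $all 'Enabled: per-media options apply' 'Disabled: all WCN services off' 'Not Configured: all WCN services allowed'
    New-Row 'Configuration of Wireless Settings Using Windows Connect Now' $s

    # The per-media switches only matter while the policy itself is Enabled.
    if ($all -eq 1) {
        $media = @{ 'Ethernet (UPnP)'                   = 'DisableUPnPRegistrar'
                    'Windows Portable Device (WPD) API' = 'DisableWPDRegistrar'
                    'USB Flash drive'                   = 'DisableFlashConfigRegistrar' }
        foreach ($m in $media.Keys) {
            $v = Get-PolicyValue $reg $media[$m]
            New-Row "  WCN over $m" (Resolve-State $v 'turned off' 'allowed' 'allowed')
        }
    }
}

Get-WcnPolicyState | Select-Object Setting, State | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt after a policy refresh so the values reflect the policy currently applied.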
Creating a Wireless Connection from an Available Network
In using these policies, it is
worth noting that you are still able to create wireless connections
with a little extra effort. Even less effort is needed when Windows
Vista discovers wireless networks. This section runs through this
scenario even with the Windows Connect Now wizards disabled by Group
Policy.
By moving your mouse cursor
over the network status icon in the system tray, you are able to select
one of the available networks. After selecting the network name, you are
pulled into the Connect to a Network Wizard. Figure 5 shows how to select the available wireless network from the list.
After selecting the available network and clicking Connect, you are asked to supply the passphrase. Windows Vista even knows that it is a Wi-Fi Protected Access (WPA)-personal passphrase (more on this in the next section). Figure 6 shows how to enter the passphrase into the Connect to a Network Wizard.
After
entering the passphrase into the appropriate location in the dialog
box, you then select to connect to the wireless network. Figure 7 shows the connection attempt being performed.
Finally, Figure 8
shows that the connection was made successfully. You are given the
option to save this connection for later use. You also can select
whether you want to connect automatically to this wireless network the
next time it is available.
Although this example
demonstrates an obvious hole in managing wireless connectivity through
Group Policy, you should understand the point of the preceding WCN Group
Policies. These policies were designed to further restrict the user to
connecting only to established wireless networks within the environment.
If you are faced with laying down restricted access to wireless
connections, these policies affecting WCN wizard access are the best
thing going. Also note that there is a corresponding Group Policy in
User Configuration for the policy Prohibit Access of the Windows Connect
Now Wizards. In addition, there are the local Group Policies. There are
far more wireless Group Policies available through Active Directory
that offer granular control of wireless settings. From these Group
Policies, every aspect of a wireless connection can be controlled.