New Wireless Improvements in Vista

There have been dozens of wireless improvements in Windows Vista over previous Windows versions. Here's a brief cap of the most significant ones.

• Wireless configuration is integrated into the new Network and Sharing Center versus having to configure under the wireless network adapter.

• Wireless networks can be configured per user or for all users on the machine. Per-user wireless profiles are disconnected when the user logs off.

• Separate wireless profiles can be configured for the network standard profile and the domain profile, so different security can be configured when the machine is attached to its home Active Directory domain and when away.

• Wireless networks that don't broadcast their SSID can not be added to the list of Preferred Networks. The SSID value of non-broadcasted networks shows up as Unnamed Network. In previous Windows versions, non-broadcasted networks could be used, but could not be added to the Preferred Network list. This became problematic if the involved computer needed to connect to a non-broadcasted wireless network when it was also in the range of a broadcasted wireless network. The computer would always connect to the broadcasted wireless network first, and the computer would then have to be disconnected and then re-connected to the non-broadcast network.

• Users will be prompted to confirm whenever connecting to an unsecured network. This continues a behavior added to Windows XP Pro with SP2.

• The Network Connection wizard will list all the security methods supported by the wireless network adapter (for example, WPA2, WEP).

• Native WPA2 support was added. In Windows XP SP2, WPA2 support was added with an additional WPA2 client program.

• WPA2 authentication options can be configured using group policy.

• Using group policy, you can define a whitelist or blacklist of allowed or denied SSID names. Blacklisting could be useful when several unauthorized broadcasting wireless networks are all in reach of the computer or to prevent laptops from connecting to unsecured home systems that have not been configured and are still using default SSIDs.

  Note

  Windows Server 2003 Active Directory schema must be extended to handle new wireless group policy settings.

• Better group policy application over wireless scenarios. In previous Windows versions, many group policy settings would not apply over wireless connections.

• As discussed previously, when no preferred networks are found, Vista creates a random SSID wireless network on the client (as before), but the client will be placed in passive listening mode and does not broadcast its new random SSID. Inbound connections are not allowed.

• WPA2-Enterprise connections can be integrated with 802.1X Network Access Protection services.

• Default security protocol for 802.1X wireless connections is PEAPMSCHAPv2. Prior Windows versions used weaker EAP-TLS.

• Enhanced EAP architecture (called EAPHost) allows additional EAP types to be added more easily, allows network discovery, and will allow multiple EAP methods and vendors to co-exist without overwriting the other.

• Command-line interface for wireless configuration (i.e., Netsh wlan).

• Improved wireless diagnostics tools, APIs, and event logging.

If you want more information on Vista's new wireless security improvements, visit http://www.microsoft.com/technet/network/evaluate/new_network.mspx.