Windows 2000 Family

Windows 2000 Family

The Windows 2000 family of products originally shipped without built-in support for IEEE 802.11 and 802.1X. Additional support for 802.1X authentication for wireless connections for computers running Windows 2000 with SP3 or later is achieved by installing Microsoft 802.1X Authentication Client, a free download available at http://support.microsoft.com/default.aspx?scid=kb;en-us;313664, which allows computers running Windows 2000 to use IEEE 802.1X to authenticate network connections (including wireless). Microsoft 802.1X Authentication Client includes support for EAP-TLS, PEAP-MS-CHAP v2, and PEAP-TLS; and for the improved Smart Card Or Other Certificate Properties dialog box described in Chapter 5. However, because Microsoft 802.1X Authentication Client does not include the WZC service, configuration of 802.11 settings for wireless networks must be done using configuration tools provided by the wireless network adapter vendor.

When Microsoft 802.1X Authentication Client is installed, the Wireless Configuration service, which provides IEEE 802.1X support, is configured by default in a disabled state. Use the Services snap-in to set the startup value for the Wireless Configuration service to Automatic and then start the service. After the service is started, an Authentication tab is present on the properties of LAN connections in Dial-up And Network Connections. If the Authentication tab is present but is unavailable, the network adapter driver does not support 802.1X correctly. Contact your wireless network adapter vendor to obtain an updated driver.

The Authentication tab has the same settings as the Authentication tab for Windows XP (prior to SP1), except that Protected EAP (PEAP) is available as an EAP type.

NOTE
For the Windows 2000 Server family, Microsoft 802.1X Authentication Client also provides support for PEAP authentication (both PEAP-MS-CHAP v2 and PEAP-TLS) for the Internet Authentication Service (IAS) the Microsoft implementation of a RADIUS server. A computer running a member of the Windows 2000 Server family with SP3 or later, Microsoft 802.1X Authentication Client, and IAS can act as a RADIUS server that performs authentication and authorization for 802.1X-based wireless clients that use EAP-TLS, PEAP-MS-CHAP v2, or PEAP-TLS authentication types.

Figure 3-12 shows the Authentication tab for a wireless network adapter in Windows 2000.

Figure 3-12. The Authentication tab in Windows 2000.

To view the authentication status for the wireless connection, position the mouse pointer over the connection icon in the notification area of the desktop.

Microsoft 802.1X Authentication Client supports only one wireless network adapter at a time. Although it is technically possible to have a computer with more than one wireless network adapter installed, Microsoft 802.1X Authentication Client works with only one at a time.

NOTE
At the time of the publication of this book, additional Microsoft 802.1X Authentication Client packages for Windows 98/Windows Millennium Edition and Microsoft Windows NT 4.0 Workstation are available through the Microsoft Premier and Alliance Support organizations only to customers with Premier and Alliance support contracts. For details about obtaining the clients, please contact your Technical Account Manager (TAM). Microsoft 802.1X Authentication Client packages for Windows 98/Windows Millennium Edition and Windows NT 4.0 Workstation are not available for redistribution.