Windows XP (Prior to SP1)

Unlike previous Windows versions, Windows XP includes built-in support for IEEE 802.11 wireless LAN networking with the following features:

  • Wireless network adapter support

  • Roaming

  • Wireless Zero Configuration service

  • IEEE 802.1X authentication

  • Wireless network configuration user interface

Wireless Network Adapter Support

For Windows XP, Microsoft partnered with 802.11 network adapter vendors to improve the configuration and connection experience by automating the process of configuring the network adapter to associate with an available network, which is done by the Wireless Zero Configuration (WZC) service (described in detail later in this chapter). To support the WZC service, wireless network adapter drivers had to be updated for Windows XP.

The wireless network adapter and its Network Driver Interface Specification (NDIS) driver must support additional NDIS facilities that are used to query and set device and driver behavior. The wireless network adapter scans for available wireless networks and passes the network names (also known as Service Set Identifiers [SSIDs]) to the WZC service.

Roaming Support

The media sense feature originally included in Windows 2000 was enhanced in Windows XP to detect when the wireless client moves within range of a new wireless access point (AP). This process forces a new authentication with the new wireless AP. Along with reauthentication, a Windows XP wireless client also performs a DHCP renewal of the IP address configuration for the wireless network adapter. Within the same Extended Service Set (ESS), which corresponds to a single subnet, the IP address configuration does not change. When the Windows XP wireless client crosses an ESS boundary to a new subnet, the DHCP renewal obtains a new IP address and configuration relevant for that subnet.

Through Windows sockets extensions, network-aware applications are notified of changes in network connectivity and can update their behavior based on these changes.

Wireless Zero Configuration Service

The Wireless Zero Configuration (WZC) service dynamically selects the wireless network to which a connection is attempted, based either on configured preferences or default settings. This process includes automatically selecting and connecting to a more preferred wireless network when it becomes available. If none of the preferred wireless networks is found nearby, the WZC service configures the wireless adapter so that there is no accidental connection until the wireless client roams within the range of a preferred network.

You can use the Services snap-in (available in the Administrative Tools folder) to view the current status of (as well as stop, start, and restart) the WZC service. You can also manage the WZC service from the command prompt by using the Net command. Because the service display name contains spaces, enclose it in quotation marks: for example, to stop the WZC service, type net stop "Wireless Zero Configuration" at a command prompt.

NOTE
The WZC service in Windows Server 2003 is named the Wireless Configuration service.

How the WZC Service Works

The WZC service minimizes the configuration that is required to access wireless networks and allows you to travel to different wireless networks without reconfiguring the network connection settings on your computer for each location. For the initial scan of available wireless networks, the WZC service performs the following process:

  1. The WZC service attempts to connect, in preference order, to the preferred networks that appear in the list of available networks.

  2. If none of those connections succeeds, the WZC service attempts to connect, in preference order, to the preferred networks that do not appear in the list of available networks. This allows a connection even when the wireless APs are configured to suppress beaconing of the wireless network's SSID.

  3. If there are no successful connections and there is an ad hoc network in the list of preferred networks that is available, the WZC service tries to connect to it.

  4. If there are no successful connections, and there is an ad hoc network in the list of preferred networks that is not available, the WZC service configures the wireless network adapter to act as the first node in the ad hoc network.

  5. If there are no successful connections to preferred networks, and there are no ad hoc networks in the list of preferred networks, the WZC service determines the Automatically Connect To Non-Preferred Networks setting (located on the Wireless Networks tab of the wireless network connection).

  6. If the Automatically Connect To Non-Preferred Networks setting is disabled, the WZC service creates a random network name and places the wireless network adapter in infrastructure mode.

    This behavior prevents the Windows XP wireless client from accidentally connecting to a wireless network that does not appear in the list of preferred networks. You then see the One Or More Wireless Networks Are Available message in the notification area. The wireless adapter is not connected to any wireless network, but continues to scan for preferred wireless networks every 60 seconds.

  7. If the Automatically Connect To Non-Preferred Networks setting is enabled, the WZC service attempts to connect to the available networks in the order in which the wireless adapter sensed them.

    If all connection attempts fail, the WZC service creates a random network name and places the wireless network adapter in infrastructure mode. You then see the One Or More Wireless Networks Are Available message in the notification area.

For subsequent scans, the WZC service determines whether there are any changes in the wireless environment that require switching the connection. If the Windows XP wireless client is already connected to a wireless network and there is no other preferred network higher in the preference list that has not been attempted already, the WZC service maintains the existing connection. If the Windows XP wireless client is already connected to a wireless network, but a more preferred wireless network becomes available, the WZC service disconnects from the currently connected wireless network and attempts to connect to the more preferred wireless network.
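The selection order in steps 1 through 7 and the subsequent-scan rule above are easier to reason about as executable logic. The following Python model is an added illustration, not Microsoft's or the book's code: the Network and ScanResult types, the try_connect callback and every SSID used with it are constructed for the example, and where the text leaves a case open the comments state which reading the model takes.

```python
"""Model of the WZC network-selection order described above.

Added illustration, not Microsoft's or the book's code. The Network and
ScanResult types, the try_connect callback and every SSID used with it are
constructed for this example; where the text leaves a case open, the
comments say which reading the model takes.
"""
import secrets
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set


@dataclass(frozen=True)
class Network:
    ssid: str
    ad_hoc: bool = False  # False = infrastructure (via an AP), True = computer-to-computer


@dataclass
class ScanResult:
    connected: Optional[Network]          # None: adapter parked, no connection
    mode: str                             # which step produced the outcome
    attempts: List[str] = field(default_factory=list)  # SSIDs tried, in order
    parked_ssid: Optional[str] = None     # random name used while parked


def initial_scan(preferred: List[Network], available: List[Network],
                 auto_connect_nonpreferred: bool,
                 try_connect: Callable[[Network], bool]) -> ScanResult:
    """Steps 1-7 of the initial scan. `preferred` is in preference order;
    `available` is in the order the adapter sensed the networks."""
    attempts: List[str] = []

    def attempt(net: Network) -> bool:
        attempts.append(net.ssid)
        return try_connect(net)   # association + authentication, modelled as a callback

    visible = {n.ssid for n in available}
    # Reading taken here: steps 1-2 cover preferred infrastructure networks and
    # steps 3-4 cover preferred ad hoc networks (otherwise step 3 would be redundant).
    infra = [n for n in preferred if not n.ad_hoc]
    adhoc = [n for n in preferred if n.ad_hoc]

    for net in infra:                       # step 1: visible preferred networks
        if net.ssid in visible and attempt(net):
            return ScanResult(net, "step1-preferred-visible", attempts)
    for net in infra:                       # step 2: preferred networks whose SSID
        if net.ssid not in visible and attempt(net):   # beacon may be suppressed
            return ScanResult(net, "step2-preferred-hidden", attempts)
    for net in adhoc:                       # step 3: available preferred ad hoc
        if net.ssid in visible and attempt(net):
            return ScanResult(net, "step3-adhoc-joined", attempts)
    for net in adhoc:                       # step 4: become first node of an
        if net.ssid not in visible:         # unavailable preferred ad hoc network
            return ScanResult(net, "step4-adhoc-first-node", attempts)
    if auto_connect_nonpreferred:           # step 7: any network, in sensed order
        for net in available:
            if attempt(net):
                return ScanResult(net, "step7-non-preferred", attempts)
    # Step 6 (or step 7 with every attempt failed): park on a random SSID in
    # infrastructure mode so nothing is joined by accident; WZC rescans for
    # preferred networks every 60 seconds.
    return ScanResult(None, "step6-parked", attempts, "wzc-" + secrets.token_hex(8))


def subsequent_scan(current: Optional[Network], preferred: List[Network],
                    available: List[Network], auto_connect_nonpreferred: bool,
                    try_connect: Callable[[Network], bool],
                    already_tried: Set[str]) -> ScanResult:
    """Later scans: keep the current connection unless a more preferred network
    that has not been attempted yet becomes available. Assumption: a failed
    switch falls back to the initial-scan order, which the text leaves open."""
    if current is None:
        return initial_scan(preferred, available, auto_connect_nonpreferred, try_connect)
    visible = {n.ssid for n in available}
    rank = {n.ssid: i for i, n in enumerate(preferred)}
    current_rank = rank.get(current.ssid, len(preferred))  # non-preferred ranks last
    for net in preferred[:current_rank]:
        if net.ssid in visible and net.ssid not in already_tried:
            already_tried.add(net.ssid)     # WZC disconnects, then tries the better one
            if try_connect(net):
                return ScanResult(net, "switched", [net.ssid])
            return initial_scan(preferred, available, auto_connect_nonpreferred, try_connect)
    return ScanResult(current, "maintained", [])


if __name__ == "__main__":
    corp, home, cafe = Network("CORP-WLAN"), Network("HOME-WLAN"), Network("CAFE")

    def reachable(net: Network) -> bool:    # constructed RF environment
        return net.ssid in {"HOME-WLAN", "CAFE"}

    first = initial_scan([corp, home], [home, cafe], False, reachable)
    print(first.mode, first.connected.ssid, first.attempts)
    later = subsequent_scan(first.connected, [corp, home], [corp, home, cafe], False,
                            lambda net: True, set(first.attempts))
    print(later.mode, later.connected.ssid)
```

The already_tried set is what keeps the client from bouncing between a more preferred network that keeps failing and the one it is on; feeding it the attempts from the initial scan reproduces the "has not been attempted already" condition in the text.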

The operation of the WZC service provides the following:

  • The first time a wireless adapter is added to a computer running Windows XP and a wireless network is available, the WZC service prompts you with the One Or More Wireless Networks Are Available message in the notification area, which leads you to select a wireless network in the Connect To Wireless Network dialog box.

    After you select a wireless network and the connection is successful, the selected network is automatically added as a preferred network, and you are no longer prompted with the One Or More Wireless Networks Are Available message whenever you are within range of it.

    For an organization, this is the typical process for configuring the initial connection to a private wireless network. After the initial configuration, the WZC service connects (and then maintains the connection) to the organization's wireless network.

    When you take your laptop computer to your home wireless network, to an airport, or to another location with public wireless access, the WZC service first attempts to connect to your preferred network. When that connection attempt fails, you are prompted again with the One Or More Wireless Networks Are Available message to connect to your home wireless network or to the public access wireless network.

  • If there are two preferred wireless networks, and the most preferred one is not initially available, the WZC service configures a wireless connection to the next most preferred network. When the most preferred network eventually becomes available, the WZC service automatically switches the wireless client connection to it after the next scan.

  • If there are no preferred networks in the list of those available, the WZC service attempts to configure connections to the preferred networks in their configured order, in case the wireless APs for the wireless network are configured to prohibit the beaconing of their SSID.

IEEE 802.1X Authentication

Windows XP supports IEEE 802.1X authentication by using the Extensible Authentication Protocol-Transport Level Security (EAP-TLS, enabled by default) or EAP-Message Digest 5-Challenge Handshake Authentication Protocol (EAP-MD5-CHAP) authentication method for all LAN-based network adapters, including Ethernet and wireless.

More Info
For more information about 802.1X authentication, see Chapter 2, Wireless Security. For more information about EAP, see Chapter 5, EAP.

Wireless Network Configuration User Interface

The wireless network configuration user interface for Windows XP consists of the following elements, each discussed in its own section below:

  • Notification area of the desktop

  • Connect To Wireless Network dialog box

  • Wireless Networks tab from the properties of a wireless connection

  • Advanced dialog box from the Wireless Networks tab

  • Wireless Network Properties dialog box

  • Authentication tab from the properties of a wireless connection

Notification Area of the Desktop

If there is a condition that requires either user notification or intervention, the WZC service prompts you with a message in the notification area of your desktop. Typical messages tell you that a wireless network is unavailable, authentication has failed, or you need to select the correct wireless network from a list of wireless networks that were discovered.

Figure 3-1 shows an example of a notification area message to the user.

Figure 3-1. Example of use of the notification area of the desktop.

Connect to Wireless Network Dialog Box

When the WZC service determines that you must select from a list of available networks, it prompts you with the One Or More Wireless Networks Are Available message, as shown in Figure 3-1. When you click the message, the Connect To Wireless Network dialog box displays, enabling you to select an available network with which to attempt a connection. When the WZC service successfully connects to the selected network for the first time, it is automatically added to the top of the list of preferred networks, grouped by type of network (infrastructure or ad hoc mode).

You can also access the Connect To Wireless Network dialog box by doing one of the following:

  • Right-click the network icon in the notification area that corresponds to the wireless connection and then click View Available Wireless Networks.

  • Right-click the wireless connection in Network Connections and then click View Available Wireless Networks.

Figure 3-2 shows the Connect To Wireless Network dialog box. (The settings shown in the following screenshots reflect the default settings unless otherwise noted.)

Figure 3-2. The Connect To Wireless Network dialog box.

From the Connect To Wireless Network dialog box, you can view and configure the following:

  • Available Networks

    This option allows you to select from a list of available networks discovered in the latest scan of the wireless network adapter.

  • Network Key

    This option allows you to type the Wired Equivalent Privacy (WEP) key used for either shared key authentication or the WEP encryption key. If you are using EAP-TLS authentication, the WEP encryption key is automatically determined. If you type a network key, it is automatically configured in the settings of the wireless network.

    More Info
    For more information about WEP and shared key authentication, see Chapter 2.

  • Advanced

    This option displays the Wireless Networks tab for the wireless network adapter, from which you can create a customized configuration of wireless networks.

  • Connect

    This option attempts to connect and authenticate to the wireless network selected in Available Networks.

Wireless Networks Tab from the Properties of a Wireless Connection

If the wireless network adapter driver supports the WZC service, there is a Wireless Networks tab from the properties of a connection in the Network Connections folder that corresponds to an installed wireless adapter.

Figure 3-3 shows the Wireless Networks tab.

Figure 3-3. The Wireless Networks tab.

On the Wireless Networks tab, you can view and configure the following:

  • Use Windows To Configure My Wireless Network Settings

    This option specifies whether you want to use the WZC service to automatically configure your wireless settings. If you have third-party wireless configuration software that you want to use, clear this check box.

  • Available Networks

    This option displays the list of wireless networks that are within range of your wireless network adapter. To view or change the configuration of a specific wireless network and add it to the list of preferred networks, click it in the list of available networks and then click Configure. To force the wireless adapter to initiate a new scan of wireless networks, click Refresh.

  • Preferred Networks

    This option displays the list, by order of preference, of wireless networks with which the wireless client will attempt to connect and authenticate. To add a new wireless network that does not appear in the Available Networks list, click Add. To remove a wireless network, click Remove. To configure the settings of a selected preferred network, click Properties.

  • Advanced

    This option configures advanced wireless settings that are independent of the wireless networks to which you are connecting.

Advanced Dialog Box from the Wireless Networks Tab

Figure 3-4 shows the Advanced dialog box.

Figure 3-4. The Advanced dialog box.

In the Advanced dialog box, you can configure the following:

  • Networks To Access

    This option specifies the different types of networks that the Windows XP wireless client accesses. To attempt to connect to wireless LAN networks that are operating in either ad hoc or infrastructure mode (preferring infrastructure mode), select Any Available Network. To limit attempts to connect to wireless LAN networks that are operating only in infrastructure mode, select Access Point. To limit attempts to connect to wireless LAN networks that are operating only in ad hoc mode, select Computer-To-Computer.

  • Automatically Connect To Non-Preferred Networks

    This option specifies whether connection attempts are made to any wireless network within range, regardless of whether they are listed in the Preferred Networks list.

Wireless Network Properties Dialog Box

Figure 3-5 shows the Wireless Network Properties dialog box.

Figure 3-5. The Wireless Network Properties dialog box.

In the Wireless Network Properties dialog box, you can view and configure the following:

  • Network Name (SSID)

    This option displays or allows you to type the wireless LAN network name, also known as the SSID. The network name is sent out with beacon frames by wireless APs unless SSID suppression is enabled, and is automatically learned by wireless clients during the wireless client scanning process.

  • Data Encryption (WEP Enabled)

    This option specifies whether WEP is enabled for this wireless LAN network. When you add a new wireless network, this setting is disabled by default.

  • Network Authentication (Shared Mode)

    This option specifies whether IEEE 802.11 shared key authentication is used to authenticate the wireless client. If disabled, open system authentication is used.

    NOTE
    This setting does not affect IEEE 802.1X authentication, which is configured on the Authentication tab. For more information about shared key and open system authentication, see Chapter 2.

  • Network Key

    This option provides a space to type a manually configured network key that is used for WEP. Typical implementations use the same key for shared key authentication and for WEP encryption.

  • Key Format

    This option allows you to select the format for the network key (ASCII characters or hexadecimal digits).

  • Key Length

    This option allows you to select the size of the network key (40 bits or 104 bits).

  • Key Index (Advanced)

    This option allows you to specify the encryption key index values, identifying the location in which the key is stored. Historically, IEEE 802.11 allowed for four different keys to be stored on wireless network adapters and wireless APs. The encryption key index is an offset that is used to specify a single key when four keys are used. You can select values from 0 to 3.

  • The Key Is Provided for Me Automatically

    This option specifies whether a WEP key is provided through some means other than manual configuration, such as a key provided on the wireless network adapter or through IEEE 802.1X authentication. If you disable this setting, you cannot perform 802.1X authentication. When you add a new wireless network, this setting is enabled by default.

  • This Is A Computer-To-Computer (Ad Hoc) Network; Wireless Access Points Are Not Used

    This option specifies whether this wireless LAN network is operating in ad hoc mode. If enabled, the wireless client first attempts to connect to another wireless client in the ad hoc network. If unsuccessful, the wireless client becomes the first wireless client in the ad hoc network.
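The Network Key, Key Format, Key Length and Key Index settings above (and the Network Key box of the Connect To Wireless Network dialog box described earlier) accept only certain combinations, and the text also ties 802.1X authentication to The Key Is Provided For Me Automatically. The following Python code is an added illustration, not Microsoft's or the book's code: it assumes the standard WEP sizes behind the dialog's labels (40-bit = 5 ASCII characters or 10 hexadecimal digits, 104-bit = 13 ASCII characters or 26 hexadecimal digits) and that Key Index selects one of four key slots; the sample keys are constructed.

```python
"""Checks for the Network Key settings of the Wireless Network Properties
dialog box: Key Format, Key Length, Key Index, and the interplay between
Data Encryption, The Key Is Provided For Me Automatically and 802.1X.

Added illustration, not Microsoft's or the book's code. Assumes the standard
WEP sizes behind the dialog's labels (40-bit = 5 ASCII characters or 10 hex
digits, 104-bit = 13 ASCII characters or 26 hex digits) and that Key Index
selects one of four key slots (0-3). The sample keys are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

KEY_BYTES: Dict[int, int] = {40: 5, 104: 13}   # Key Length (bits) -> key bytes, IV excluded
HEX_DIGITS = set("0123456789abcdefABCDEF")


class WepKeyError(ValueError):
    """Raised for an entry the dialog would reject."""


@dataclass(frozen=True)
class WepKey:
    key: bytes
    length_bits: int
    key_index: int


def parse_wep_key(text: str, key_format: str, key_length: int, key_index: int = 0) -> WepKey:
    """Validate what was typed into Network Key against Key Format, Key Length and Key Index."""
    if key_length not in KEY_BYTES:
        raise WepKeyError(f"Key Length must be 40 or 104 bits, got {key_length}")
    if not 0 <= key_index <= 3:
        raise WepKeyError(f"Key Index must be 0-3, got {key_index}")
    n = KEY_BYTES[key_length]
    fmt = key_format.lower()
    if fmt == "ascii":
        if len(text) != n or not text.isascii() or not text.isprintable():
            raise WepKeyError(f"ASCII key for {key_length} bits needs exactly {n} printable characters")
        return WepKey(text.encode("ascii"), key_length, key_index)
    if fmt == "hex":
        if len(text) != 2 * n or any(c not in HEX_DIGITS for c in text):
            raise WepKeyError(f"hex key for {key_length} bits needs exactly {2 * n} hex digits")
        return WepKey(bytes.fromhex(text), key_length, key_index)
    raise WepKeyError("Key Format must be 'ascii' or 'hex'")


class KeySlots:
    """The four key locations that Key Index selects between (one table per network)."""

    def __init__(self) -> None:
        self._slots: List[Optional[WepKey]] = [None] * 4

    def store(self, key: WepKey) -> None:
        self._slots[key.key_index] = key

    def key_for_index(self, index: int) -> Optional[WepKey]:
        if not 0 <= index <= 3:
            raise WepKeyError(f"Key Index must be 0-3, got {index}")
        return self._slots[index]


def check_wep_settings(wep_enabled: bool, key_provided_automatically: bool,
                       use_8021x: bool, manual_key: Optional[WepKey]) -> List[str]:
    """Consistency rules the dialog text states; returns the problems found."""
    problems: List[str] = []
    if use_8021x and not key_provided_automatically:
        problems.append("802.1X authentication requires The Key Is Provided For Me Automatically")
    if wep_enabled and not key_provided_automatically and manual_key is None:
        problems.append("Data Encryption (WEP Enabled) is on but no Network Key was entered")
    return problems


if __name__ == "__main__":
    slots = KeySlots()
    slots.store(parse_wep_key("abcde", "ascii", 40, key_index=0))                 # constructed key
    slots.store(parse_wep_key("00112233445566778899aabbcc", "hex", 104, key_index=3))  # constructed key
    print(slots.key_for_index(3))
    print(check_wep_settings(True, False, True, None))
```

The two checks in check_wep_settings are the ones the dialog text itself implies: disabling The Key Is Provided For Me Automatically rules out 802.1X, and enabling WEP without an automatic key leaves nothing to encrypt with unless a key is typed.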

Authentication Tab from the Properties of a Wireless Connection

The Authentication tab appears for all LAN-based network adapters.

Figure 3-6 shows the Authentication tab.

Figure 3-6. The Authentication tab.

On the Authentication tab, you can view and configure the following:

  • Enable Network Access Control Using IEEE 802.1X

    This option allows you to use IEEE 802.1X to perform authentication for this connection.

  • EAP Type

    This option lists the EAP types that correspond to EAP DLLs installed on the computer. The default EAP types for Windows XP (prior to SP1) are MD5-Challenge and Smart Card Or Other Certificate. For more information about EAP types, see Chapter 5.

  • Properties

    This button leads to a dialog box in which you can configure the properties of the selected EAP type (not available for the MD5-Challenge EAP type).

  • Authenticate As Computer When Computer Information Is Available

    This option specifies whether the computer will attempt to authenticate using computer credentials (such as a computer certificate) without the user logging on.

  • Authenticate As Guest When User Or Computer Information Is Unavailable

    This option specifies whether the computer will attempt to authenticate as a guest when either user or computer credentials are not available.



Deploying Secure 802.11 Wireless Networks with Microsoft Windows
ISBN: 0735619395
Year: 2000
Pages: 123
Authors: Joseph Davies