Secure Wireless :: How to Connect :: HSU-Owned Windows 7/Vista Systems

Printer-friendly versionSend to friendPDF version

FOR USE BY TECHNICAL PERSONNEL ONLY

Before You Start

Make sure the machine is as up to date as it can be and that you have administrative access.

Configuring Windows 7/Vista Using GPO

Ensure that:

  • Certificates are loaded onto the client and trusted
  • The SSID - HSUWireless-Secure - has been entered correctly (it is case-sensitive)
  • Connect even if the network is not broadcasting is enabled
  • Automatically use AD credentials for 802.1x is enabled (or not, based on the individual user)
  • Single Sign-on is configured based on the individual machine and/or user's situation

Configuring Windows 7/Vista Manually

Step 1: Click on the Wireless Network icon in the systray and then on Open Network and Sharing Center.

Click Wireless Network Icon in system trayClick Open Network and Sharing Center
 
 

Step 2: Click Manage Wireless Networks under the heading Control Panel Home on the left of the screen.

Click Manage wireless networks

Step 3: Click Add.

Click Add

Step 4: Select Manually create a network profile.

Select Manually create a network profile

Step 5: Enter the network name HSUWireless-Secure exactly as shown below and then:

  • Select WPA2-Enterprise for Security type.
  • Select AES for Encryption type.
  • Check Start this connection automatically.
  • Check Connect even if the network is not broadcasting

Click Next to continue.

Enter HSUWireless-Secure (VERY important - this name is CASE SENSITIVE) into the Network name field. - Select WPA2-Enterprise for Security type. - Select AES for Encryption type. - Check the Start this connection automatically box & connect even if the network is not broadcasting. - Click Next to continue.

Step 6: A new window will open, confirming that you have successfully added HSUWireless-Secure to your network options. To continue configuring the device, click Change connection settings.

Click on Change connection settings.

Step 7: On the Connection tab, check the following options:

  • Connect automatically when this network is in range.
  • Connect even if the network is not broadcasting its name (SSID).

Under the Connection tab make sure: - Check Connect automatically when this network is in range is checked. - Check Connect even if the network is not broadcasting its name (SSID).

Step 8: Select the Security tab and then

  • Select WPA2-Enterprise for Security type.
  • Select AES for Encryption type.
  • Select Microsoft: Protected EAP (PEAP) as the network authentication method.
  • Ensure Remember my credentials for this connections each time I'm logged on is checked.

Select the Security tab. - Select WPA2-Enterprise for Security type. - Select AES for Encryption type. - Choose a network authentication method Microsoft: Protected EAP (PEAP). - Ensure Remember my credentials for this connections each time I'm logged on is checked.

Step 9: Click on the Settings button next to Microsoft: Protected EAP (PEAP).

Click on the Settings button next to Microsoft: Protected EAP (PEAP).

Step 10: Ensure Validate server certificate is checked and then

  • Check Connect to these servers and enter wireless.humboldt.edu
  • Under Trusted Root Certification Authorities, check the box alongside Verisign Class 3 Public Primary Certification Authority - G5.
IMPORTANT
If you do not see Verisign Class 3 Public Primary Certification Authority - G5 in the list, you will need to follow these instructions to install the certificate.

  Ensure Validate Server Certificate is checked. - Check the box next to "Connect to these servers" and enter wireless.humboldt.edu

Step 11: Click Configure.

Click the Configure button.

Step 12: Ensure the box Automatically use my Windows logon name and password (and domain if any) is checked.

 Ensure the box Automatically use my Windows logon name and password (and domain if any) is checked.

 

Step 13: Click OK twice to return to the HSUWireless-Secure Wireless Network Properties Security tab and click on Advanced settings.

Then click OK twice to return to the HSUWireless-Secure Wireless Network Properties Security tab.

Step 14: On the 802.1x settings tab

  • Check Specify authentication mode and select User authentication
  • Ensure that Enable single sign on for this network is checked
  • Change the Maximum delay (seconds) to 5

Click OK

On the 802.1x settings tab - Check Specify authentication mode and select User authentication. Ensure that Enable single sign on for this network is checked, then Click OK

Step 15: Select the 802.11 settings tab and check Enable Pairwise Master Key (PMK) caching. Click OK.

Select the 802.11 settings tab, place a check for Enable Pairwise Master Key (PMK) caching, then click OK.

Step 16: Click OK, then Close. The device will begin connecting immediately to HSUWireless-Secure network.

Step 17: Click the Windows button and log off the machine.

Step 18: To make sure everything is working correctly, have the user log into the system. If the user has never used wireless before at HSU, there are a couple more one-time steps they need to take.

  • When they open their browser, they may be required to agree to the CSU Responsible Use Policy. To do this, they should simply digitally sign the document with their HSU User Name and Password.
  • They may also be asked to install the PolicyKey software. Follow the on-screen instructions to download and install the software if it's not already installed.

 Installing the Verisign Root Certificate under Windows 7/Vista

If you did not see the Verisign Class 3 Public Primary Certification Authority - G5 certificate in the Trusted Root Cerification Authorities window, install it following the instructions below:

Step 1: To download the required root certificate, right-click on this link and save it to the desktop.

Step 2: Click Close after the software has finished downloading.

To avoid seeing any certificate trust errors, you also need to install the Verisign Secondary Intermediate Certificate into the user's Certificate store. Here's how:

Step 3: To download the required intermediate certificate, right-click on this link and save it to the desktop.

Step 4: Click Close after the software has finished downloading.

Step 5: Right-click on the certificate icon(s) one at a time and choose Install Certificate. The Certificate Import Wizard window will pop up. Click Next

Once you have downloaded the certificates, right-click on the icon(s) one at a time and choose Install Certificate.  The Certificate Import Wizard window will pop up, click Next

Step 6: Click Automatically select the certificate store based on the type of certificate, then click Next.

Now, click the radio button titled Automatically select the certificate store based on the type of certificate, then click Next.

Step 7: Click Finish to complete the installation.

IMPORTANT NOTE:

You may need to close and reopen the Protected EAP Properties window when you return to the configuration instructions before you see the Verisign Class 3 Public Primary Certification Authority - G5 certificate listed. To do this, just click Cancel in the Protected EAP Properties window and repeat Steps 9 through 13 of the configuration instructions.

 

Related Topics

Secure Wireless
feedback