
Don't cache PEAP authentication information on Win XP SP2

Anonymous
August 12, 2005 4:50:03 PM

Archived from groups: microsoft.public.windows.networking.wireless

Does anyone know how to disable a Windows XP SP2 box from caching the user
id and pw when you log into a wireless provider that is using PEAP? I want to
force each user to use their own user id and pw when they access the wireless
network.

I found a solution that I can do, but I don't want my users poking around
the registry.... I found the registry key that stores the information and
have successfully deleted it to force the input of the credentials the next
time that the wireless network is accessed. However, it just re-creates the
registry key.... Back to square 1.

Does anyone have a solution for this??

Mike


Anonymous
August 18, 2005 4:59:55 PM


The credentials are cached because each time you roam you would need to
MANUALLY reenter the credentials. I've seen several wireless drivers
spontaneously roam when more than one access point is in range. Some of
these devices will roam 4 or more times per minute without even moving the
laptop an inch in any direction.

Multiple users sharing a Windows logon session is patently unsecure. Your
network users should have a separate logon for each session on the local
computer. When one user finishes, they log off, and then the next user
logs on. If you have deployed Active Directory in your enterprise, then you
can even use the AD user credentials for automatic authentication skipping
the prompts altogether.

Is there a special reason why your clients must deviate from this model?

--
Jerry Peterson
Windows Network Services - Wireless

This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike McAlister" <MikeMcAlister@discussions.microsoft.com> wrote in message
news:B9A5D968-C0D0-4D2A-80ED-98320753B6F0@microsoft.com...
> Does anyone know how to disable a Windows XP SP2 box from caching the user
> id and pw when you log into a wireless provider that is using PEAP? I want to
> force each user to use their own user id and pw when they access the wireless
> network.
>
> I found a solution that I can do, but I don't want my users poking around
> the registry.... I found the registry key that stores the information and
> have successfully deleted it to force the input of the credentials the next
> time that the wireless network is accessed. However, it just re-creates the
> registry key.... Back to square 1.
>
> Does anyone have a solution for this??
>
> Mike

Anonymous
August 18, 2005 5:27:06 PM


We are deploying 10 laptops into 10 cars for about 40 users that are in a
different car every day. There is no network to authenticate to, other than
the wireless routers for internet access. I just don't want to create that
many user accounts on each laptop if I don't have to.

The laptops are basically used to create Word and Excel documents on. We
are in a university setting and our private network is completely standalone
from the university's. Thus connection through the wireless router to our
network is not possible. My users are just wanting to access the network
resources so that they may use a web browser to e-mail the documents to their
supervisors rather than using the issued thumb drives to take it to the
supervisor.

My superiors want each person to have to authenticate to the router so that
their web usage can be more easily tracked through the university IT
department if needed.

Mike

"Jerry Peterson[MSFT]" wrote:

> The credentials are cached because each time you roam you would need to
> MANUALLY reenter the credentials. I've seen several wireless drivers
> spontaneously roam when more than one access point is in range. Some of
> these devices will roam 4 or more times per minute without even moving the
> laptop an inch in any direction.
>
> Multiple users sharing a Windows logon session is patently unsecure. Your
> network users should have a separate logon for each session on the local
> computer. When one user finishes, they log off, and then the next user
> logs on. If you have deployed Active Directory in your enterprise, then you
> can even use the AD user credentials for automatic authentication skipping
> the prompts altogether.
>
> Is there a special reason why your clients must deviate from this model?
>
> --
> Jerry Peterson
> Windows Network Services - Wireless
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
Anonymous
August 18, 2005 6:04:50 PM


Active Directory users would be the simplest way to implement this. Set up a
separate domain for your private network. Write a quick script to create
all 40 users in Active Directory and join each laptop to the domain. You
already have a RADIUS server in place, so more than likely the domain
controller is already in place. If that is the case, this would take just a
few minutes to set up.

This would satisfy your per user tracking requirements. You wouldn't have
to create a new user on each laptop. Authentication permissions could be
centralized at the domain level. Further, you could use domain policy to
enable per user configurations and applications. This would also be far
more secure than the current model.

--
Jerry Peterson
Windows Network Services - Wireless

This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike McAlister" <MikeMcAlister@discussions.microsoft.com> wrote in message
news:464E2BA5-2060-4B0D-B89D-F54850D255BE@microsoft.com...
> We are deploying 10 laptops into 10 cars for about 40 users that are in a
> different car every day. There is no network to authenticate to, other than
> the wireless routers for internet access. I just don't want to create that
> many user accounts on each laptop if I don't have to.
>
> The laptops are basically used to create Word and Excel documents on. We
> are in a university setting and our private network is completely standalone
> from the university's. Thus connection through the wireless router to our
> network is not possible. My users are just wanting to access the network
> resources so that they may use a web browser to e-mail the documents to their
> supervisors rather than using the issued thumb drives to take it to the
> supervisor.
>
> My superiors want each person to have to authenticate to the router so that
> their web usage can be more easily tracked through the university IT
> department if needed.
>
> Mike