WPA2 missing from policy

**goodhead** · 15th December 2009, 12:17 PM

We run 2003 servers with sp2 and pcs with xp sp3.
We have laptops which we want to use wpa2 and control with a wireless policy.

Why cant MS stop being so stubben about this and give us the update to allow server 2003 to control wpa2.

They give you wep. but as we all know , you may aas well not bother!

I dont see why i should have to update my dc to 2008 scehma just for that.

I'm happy with 2003 at the moment.

Does any one know a way round this or some 3rd party software that would do this.

Come on microsoft!!!!!

**Michael** · 15th December 2009, 12:27 PM

I believe you can do it by integrating an update into the 2003 schema.

**goodhead** · 15th December 2009, 12:54 PM

Originally Posted by Michael

I believe you can do it by integrating an update into the 2003 schema.

You need an 2008 AD server to update 2003 schema to 2008.

We dont have any 2008 servers.

**sidewinder** · 15th December 2009, 03:17 PM

Originally Posted by goodhead

You need an 2008 AD server to update 2003 schema to 2008.

We dont have any 2008 servers.

Nope, read the link. All you need is a Pc running Vista or 2008, or presumably Windows 7.

Having said that, I dont think I'd rush to use that hack unless I was desperate!
Even when we were able to use GPO for wireless, I didnt find it to that great. The profiles had a habit of dissapearing from time to time. Better to just set it up manually after imaging a laptop

**Michael** · 15th December 2009, 03:21 PM

You need an 2008 AD server to update 2003 schema to 2008.

That's not technically true. If you insert a 2008 disc into a 2003 Server, you can upgrade the schema from the command prompt. This'll upgrade it from 30 or 31 to 44 for example. At a later date you could then upgrade to 2008 Server.

**mickeyh080** · 13th May 2010, 07:15 PM

Would this have to be done on the DC ?

Originally Posted by Michael

That's not technically true. If you insert a 2008 disc into a 2003 Server, you can upgrade the schema from the command prompt. This'll upgrade it from 30 or 31 to 44 for example. At a later date you could then upgrade to 2008 Server.

**SYNACK** · 14th May 2010, 12:00 AM

Originally Posted by mickeyh080

Would this have to be done on the DC ?

It is best to run this on the DC with the schema master role as it is much faster, if you are using a 2008 disk then you will need the one that matches the architecture of your current server, ie 32 or 64 bit. If you are using a 2008 R2 disk it includes both versions of AD Prep. If you can get a hold of a 2k8 R2 disk then you may as well push it up to R2, you don't need an r2 license to upgrade the schema and I know that 2003 will handle it just fine.

**mickeyh080** · 14th May 2010, 09:45 AM

By updating the schema on the DC to 2008 will this enable the WPA2 setting in the GPO or would we still need to access the setting using a Win7/ Vista workstation. Seen various references stating that you would never see the WPA2 setting on a 2003 server unless your accessing via a 2008/Win7 console.

If this is the case then as you suggested I will just run the GPO from a workstation for now until we upgrade the DC to 2008 this year.

Originally Posted by SYNACK

It is best to run this on the DC with the schema master role as it is much faster, if you are using a 2008 disk then you will need the one that matches the architecture of your current server, ie 32 or 64 bit. If you are using a 2008 R2 disk it includes both versions of AD Prep. If you can get a hold of a 2k8 R2 disk then you may as well push it up to R2, you don't need an r2 license to upgrade the schema and I know that 2003 will handle it just fine.

**SYNACK** · 14th May 2010, 01:42 PM

Originally Posted by mickeyh080

By updating the schema on the DC to 2008 will this enable the WPA2 setting in the GPO or would we still need to access the setting using a Win7/ Vista workstation. Seen various references stating that you would never see the WPA2 setting on a 2003 server unless your accessing via a 2008/Win7 console.

That is correct, you would still need to run the console from a Vista/7 PC as the older versions of the console included in 2003 don't have the nessisary interface to configure this setting in the newly upgraded AD database behind the scenes. It will work fine managing it from a workstation as you intend to with the newer version of the console that can edit the right bits in the database.

**mickeyh080** · 14th May 2010, 04:56 PM

Loaded a laptop with Windows & professional and installed the 2008 Admin pak. Then joinded this to the domain and edited the wireless GPO and hey presto the WPA2 setting is applied. Tried this without altering the schema on the Dc and it worked fine. Laptops are now connecting using WPA2, only downside is the GPO is now greyed out in 2003 so cannot edit it without using the Win 7 machine.

Thanks very much for the info, this fix will do nicely until we upgrade the servers.

Originally Posted by SYNACK

That is correct, you would still need to run the console from a Vista/7 PC as the older versions of the console included in 2003 don't have the nessisary interface to configure this setting in the newly upgraded AD database behind the scenes. It will work fine managing it from a workstation as you intend to with the newer version of the console that can edit the right bits in the database.

**mavhc** · 17th May 2010, 11:09 AM

Is this still only for 802.11x etc? Or does it let you send out pre shared keys?

LinkBack

Thread Tools

Search Thread

WPA2 missing from policy

Thanks to SYNACK from:

Similar Threads

WPA2-PSK Group Policy on Server 2003

wpa2 gpo 2008 server dc

Local secrity Policy MMC missing

upgarde WEP to WPA2 on laptop with XP Pro SP2

WPA2

Thread Information

Users Browsing this Thread

Posting Permissions