Microsoft IAS and Wireless Zero Configuration

[mellimik]

Hello,

I've been thinking about this by myself for some time now and I seem to be unable to come up with the answer. How can I utilize the Wireless Zero Configuration and RADIUS based Wlan network?

Basically what I have now is Microsoft IAS server configured to ask EAP (with Smart card or other certificate) + MS-CHAP v2. I have my own enterprise CA or actually two of them, one being Root and the other Subordinate. Wireless clients (Windows XP SP2) have the Root CA certificate pushed by GPO and users logged in to these wireless clients have their own User certificate automatically enrolled. This setup works, but it requires that there is a valid user logged in to the computer for Windows to connect to my wireless network.

This poses some issues since I would like all my client PC's to be always connected, which, for my understanding at least, means authenticating with computer account and computer certificate instead of user account and user certificate. Is this correct? I know that if you use Windows to configure wireless networks, there is this Wireless Zero Configuration system service that connects to known networks without the user logging in first. That is my goal, so I can manage computers without user logged in to them.

How have others done this? I don't really know what keywords to start to use with Google, as "Microsoft IAS computer certificate" really only links to articles covering IAS setup, and that is something I've already done.