Windows 7 Wireless AD Login (PEAP)

I had this request and created a short document on configuring windows 7 to allow AD authentication via the wireless with PEAP.

    Configure SSO on wireless profile

Click on the wireless icon in the task bar.
Right click the SSID
Click on Properties

Click the Advanced settings button
Click the Specify authentication mode checkbox
Select User authentication from the dropdown (optional depending on environment)
Click the Enable single sign on for this network checkbox
Ensure the Perform immediately before user logon radio button is selected

Click OK twice to close dialogue boxes

    Configure Group Policy

Click Start
In the search box type group policy
Open the following folder:
Computer Configuration > Administrative Templates > System > Logon

Double click on the Always wait for the network at computer startup and logon setting

Click the radio button to Enabled
Click OK and Exit Local Group Policy Editor
Restart the machine, disconnect from the wired network and verify the logon process works

3 thoughts on “Windows 7 Wireless AD Login (PEAP)

  1. Andrew von Nagy

    I disagree with the local group policy setting if users take laptops outside of the workplace they will need to login with cached credentials and the corporate network will not be available. A reasonable timeout is more appropriate in my opinion.



    1. TJ McClinticTJ McClintic Post author

      For this example, it is used on loaner laptops that will be used by students to take tests. These will not leave the campus or wireless/wired coverage. This will enable students to login to the laptops without have to get on the wire.

      In a corporate example, using cached credentials will be fine. However, I am not sure if logins even with cached are allowed since the AD won’t be available. I will test that and let you know.

  2. TJ McClinticTJ McClintic Post author

    This morning I tested by disabling my wireless card and unplugging myself from the network. I restarted my machine and logged in sucessfully. There must be a hidden timeout for cached credentials use, because it did take about 10-15 seconds.


Leave a Reply to Andrew von Nagy Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>