HeathRamos
IS-IT--Management
I have been looking into seting up a wireless lan that uses certificates (Securing Wireless LANs with Certificate Services article) but it has brought up a few questions...
#1 Can you set this up using Windows 2003 standard edition or just using enterprise edition? (I know you can't customize templates and you can't autoenroll user certificates with the standard version).
#2 Exactly why is it best practice to have an offline root CA and use a subordinate CA to pass out the certificates? Is that overkill for a small company?
#3 If you set up the wireless lan the way suggested ( what happens if a computer w.o a cert tries to establish a connection? does it even get an ip? what about a computer with a cert but the user doesn't have a cert? does the computer get dropped from the network entirely after the user tries to log on w/o the cert?
#1 Can you set this up using Windows 2003 standard edition or just using enterprise edition? (I know you can't customize templates and you can't autoenroll user certificates with the standard version).
#2 Exactly why is it best practice to have an offline root CA and use a subordinate CA to pass out the certificates? Is that overkill for a small company?
#3 If you set up the wireless lan the way suggested ( what happens if a computer w.o a cert tries to establish a connection? does it even get an ip? what about a computer with a cert but the user doesn't have a cert? does the computer get dropped from the network entirely after the user tries to log on w/o the cert?
