Wireless Logon wont run Logon script

Why would the wireless start working only after logon? The wireless connection should be valid even before logon.

Boot the workstation. (Don't log onto the domain) Then try to ping the workstation from a remote machine. Does it ping? If so, then the wireless connection is active.



Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

Why would the wireless start working only after logon? The wireless connection should be valid even before logon.

Click to expand...

I have this same issue and the reason in my case is WEP. The WEP key is stored in the wireless profile which doesn't get loaded until a user with a valid key in their profile logs on.



FRCP

Huh...I don't know much about this technology. Is this supported by MS?

I guess the concern is to encrypt and validate the connection. How about turning off Wireless security and turning on IPSEC for these clients?

-just a thought...I'm not sure if this will work...

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact

I haven't tried IPSEC with my wireless clients either. One thing that I have tried, and it worked 75% of the time, was to use MAC ACLs on the WAP without using WEP. Then the issue became the user logging on faster than the client would associate, get an IP, etc. You would think that it all would happen before they could press ctrl alt del but the clients all sit and scan awhile before they pick one.



FRCP

A possible work-around is to put a sleep function at the start of the script. Have it wait for 30 seconds before it connects printers, map drives, etc...

Wireless is not very good for remote administration. Can't connect to a computer if user is logged off and there is no way to tell if a user left their computer on.

Paul

Work on Windows, play on Linux.

I followed the instructions at the following link with two small changes, and I am now able to have my laptops connected to the WLAN even when no one is logged on to them.


One part I did not do was the unchecking of the box mentioned in this section of the wireless client Authentication tab, EAP MSCHAPv2 properties.

"Click the properties button
Authentication Method: Secured password (EAP-MSCHAPv2)
Click the configure button
Uncheck the windows logon name and password box"

I also unchecked the "Authenticate as guest when user or computer information is not available" on the wireless client Authentication tab.

As described in the instructions, I created a Security group in Active Directory and added all of the users I wished to give access to the WLAN. But I also added all of the laptop's computernames as well. This allowed the laptop itself to authenticate to the RADIUS server and the WAP via group membership.

We are using Gateway 7001 access points, but the instruction in the link describe the scenario with Linksys and Dlink as well. The procedure should work with any WAP that can use WPA with an external RADIUS server, as long as that RADIUS server integrates with Active Directory.

The laptops are Gateway's and HP's running XP Pro, and they all have integrated Broadcom wireless NIC's. I believe that everything should work the same for Windows 2000 Pro as well.

All of my Group Policy's and logon scripts, such as my Software Update Server settings and the drive mappings, are working properly this way as well.

Although, in case you run into some of your policy's not being applied during startup, here is an excerpt from a post in another forum discussing a similar issue.
------------
"1. The WAP54G will work fine. I should note that for both a router or access point with built-in DHCP server, you likely want to disable this in a Domain setting and allow the Domain DHCP server to provide IP addresses.

2. For Windows XP clients the asyncronous loading of networking during the boot up process can pose an issue. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.

To disable this "feature" and restore normal domain logons, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.

This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template. Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.

3. There are no special Group Policy needs posed by wireless networking.

4. The only thing to be extra careful about is that any WINS database and the DNS server for the Domain need to be reconciled for any changes you make. If you continue to use your Domain DHCP server, and you should, there should not be a problem. If this is the first time you are introducing internet access to the Domain, be sure to make the DNS server entries for forwarders to either the DNS proxy in the wired router (192.168.1.1 in the example above) or to your ISPs DNS servers."
-------------

I have VNC installed on all of the laptop's and I am now able to connect to them whether they are in a logged on or off state.

Hope this helps!