I followed the instructions at the following link with two small changes, and I am now able to have my laptops connected to the WLAN even when no one is logged on to them.
One part I did not do was the unchecking of the box mentioned in this section of the wireless client Authentication tab, EAP MSCHAPv2 properties.
"Click the properties button
Authentication Method: Secured password (EAP-MSCHAPv2)
Click the configure button
Uncheck the windows logon name and password box"
I also unchecked the "Authenticate as guest when user or computer information is not available" on the wireless client Authentication tab.
As described in the instructions, I created a Security group in Active Directory and added all of the users I wished to give access to the WLAN. But I also added all of the laptop's computernames as well. This allowed the laptop itself to authenticate to the RADIUS server and the WAP via group membership.
We are using Gateway 7001 access points, but the instruction in the link describe the scenario with Linksys and Dlink as well. The procedure should work with any WAP that can use WPA with an external RADIUS server, as long as that RADIUS server integrates with Active Directory.
The laptops are Gateway's and HP's running XP Pro, and they all have integrated Broadcom wireless NIC's. I believe that everything should work the same for Windows 2000 Pro as well.
All of my Group Policy's and logon scripts, such as my Software Update Server settings and the drive mappings, are working properly this way as well.
Although, in case you run into some of your policy's not being applied during startup, here is an excerpt from a post in another forum discussing a similar issue.
------------
"1. The WAP54G will work fine. I should note that for both a router or access point with built-in DHCP server, you likely want to disable this in a Domain setting and allow the Domain DHCP server to provide IP addresses.
2. For Windows XP clients the asyncronous loading of networking during the boot up process can pose an issue. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.
To disable this "feature" and restore normal domain logons, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.
This can be fed to clients via a group policy from a Windows 2000 server by upgrading the standard policy template with the XP policy template. Since this is an XP only command, non-XP systems will ignore it in a domain distributed group policy.
3. There are no special Group Policy needs posed by wireless networking.
4. The only thing to be extra careful about is that any WINS database and the DNS server for the Domain need to be reconciled for any changes you make. If you continue to use your Domain DHCP server, and you should, there should not be a problem. If this is the first time you are introducing internet access to the Domain, be sure to make the DNS server entries for forwarders to either the DNS proxy in the wired router (192.168.1.1 in the example above) or to your ISPs DNS servers."
-------------
I have VNC installed on all of the laptop's and I am now able to connect to them whether they are in a logged on or off state.
Hope this helps!
