Networking

XP client configuration for enhanced security on a Linksys wireless network

If you use Windows XP clients in conjunction with a Linksys wireless network, you'll need to take some time to configure clients to get the full security benefits of both XP and Linksys. Here's a step-by-step guide.


Chances are that some of your clients will be migrating from Windows 98 or 2000 to Windows XP this year. If your clients have a wireless network, you’ll obviously want to take advantage of the security features offered in both the OS and the wireless network equipment. If, for example, you’ve configured a Linksys wireless network, the next step is to configure the Windows XP client—a topic I'll cover in this article.

(Note: This article assumes that you have successfully installed the device driver for the Linksys network adapter and connected to the wireless network before applying the security enhancements.)

Second of two parts
This is the final installment of a two-part series that covers security enhancements that you can make to your clients’ wireless network. The first article reviewed additional security fixes to make on wireless access points.

Configure wireless network adapter in Windows XP
Because of wired equivalent protocol (WEP), Windows XP’s wireless zero configuration utility (WZC) will not be able to automatically connect the wireless network. Therefore, you will need to set some additional options in Windows XP. To make these changes, you’ll need to:
  • Double-click the network connection icon for the wireless network in your system tray on the desktop.
  • Click the Advanced button at the bottom-left corner of the Wireless Network Connection dialog box (see Figure A).

Figure A


 
  • To add the wireless network as a preferred network, click the Add button in the Preferred Network section. You’ll then see the screen shown in Figure B.

  • Figure B

    • Type the service set identifier (SSID) for the wireless network in the Network Name field.
    • Check the Data Encryption (WEP Enabled) check box.
    • Check the Network Authentication (Shared Mode) check box.
    • Check The Key Is Provided for Me Automatically check box. (If you still have problems connecting to the wireless network, uncheck this option, then type in the first key generated by the WEP passphrase. You can get this information from the WEP Settings page in the Web-based administration utility for the access point.)

    Problem locating the wireless network
    Once you turn off the SSID broadcasting, clients might not be able to locate or connect to the wireless network. I discovered this problem with Linksys PCMCIA network adapters (WPC11 version 3). Linksys says this happens because WZC does not support disabling SSID broadcasting. Therefore, this is a problem you might find with any Linksys network adapter that supports WZC.

    Both Microsoft and Linksys indicate this is a problem, but they offer few workarounds. Linksys recommends that you use earlier versions of Linksys network adapters, e.g., WPC version 2.5, that do not support WZC.

    Disable the WZC utility
    The WZC service is not a requirement for a successful wireless network connection in XP. You can disable the service and get a slight improvement in system performance. To turn off the Windows XP WZC, do the following:
    1. Right-click the My Network Places icon on your Windows desktop.
    2. Choose the Properties option.
    3. Right-click the network connection for the wireless network adapter.
    4. Choose the Properties option.
    5. Click the Wireless Networks tab.
    6. Uncheck the Use Windows To Configure My Wireless Network Settings option (see Figure C).

    Figure C


    You can turn off this feature entirely by disabling the WZC service in the Services Manager.

    Device settings
    When you disable WZC, you need to configure the wireless network connection options on the device profile. To access the device settings to be changed, as shown in Figure D, you need to:
    1. Right-click the My Computer icon on your Windows desktop.
    2. Choose the Properties option.
    3. Click the Hardware tab.
    4. Click the Device Manager button in the Device Manager section.
    5. Under the network adapters branch, right-click the Linksys wireless network adapter profile.
    6. Choose the Properties option.
    7. Click the Advanced tab.
    8. Change the values for specific properties defined for the network adapter. The values to change are Encryption, SSID, and WEP Passphrase. Each should match the settings you defined on the access point.

    Figure D


    Cutting down on the administrative headaches
    In conjunction with these tips, there are a few techniques you can employ to reduce your share of administrative overhead:
    1. Create a suborganizational unit just for Windows XP systems. (Windows XP has additional registry settings and policies that Windows 2000 does not.)
      To make management cleaner, you can apply a group policy on an organizational unit that affects all computers for settings that would apply to all client computers in your environment. Then, create the suborganizational unit for Windows XP clients to manage only the XP-related settings. One of these settings can be for the WZC in the registry.
    2. Customize an administrative template just for Windows XP systems. This administrative template will be attached to group policy on the suborganizational unit for just XP systems. To learn how to do this, check out the Microsoft TechNet article "Implementing Registry-Based Group Policy for Applications" and the Microsoft Knowledge Base Article "HOW TO: Create Custom Administrative Templates in Windows 2000."
    3. Add the WZC service as an option in the customized administrative template. This will then be applied to all XP systems in the organizational unit.
    4. Use AutoIt to automate configuring device settings. This free application records keystrokes in Windows. You could record the keystrokes on the first system configured, then create a script to use with other systems.

    Editor's Picks

    Free Newsletters, In your Inbox