Hello everyone,
This is a repost of a question we found on Reddit and answered by the stellar @JuergenKlaassen. This answer isn't a plug and play script that's been tested but rather a starting point resource for you to configure what you need.
- First up, a blog post for Configuring 802.1x Authentication for Windows Deployment that does this using BAT rather than Powershell: https://www.asquaredozen.com/2018/07/29/configuring-802-1x-authentication-for-windows-deployment-par...
- Next up, Juergen's PowerShell script to configure a Wifi Profile (and install a RADIUS certificate) that can be used as a reference and/or updated to configure Ethernet instead: https://github.com/juergen-kc/JumpCloud/blob/main/JC-Wi-Fi-EAP-TTLS-PAP-with-JumpCloud%2BCert-Instal...
- A sample XML file that you can edit with your configuration
<?xml version="1.0"?>
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
<MSM>
<security>
<OneXEnforced>false</OneXEnforced>
<OneXEnabled>true</OneXEnabled>
<authMode>userOrComputer</authMode>
<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
<EAPConfig>
<!-- Insert EAP configuration XML here -->
</EAPConfig>
</OneX>
</security>
</MSM>
</LANProfile>
- Apply the XML profile with
netsh lan add profile interface="Ethernet" filename="path\to\your\profile.xml"
- Start the AutoConfig with
Set-Service -Name 'dot3svc' -StartupType 'Automatic'
Start-Service -Name 'dot3svc'
We hope this helps, but if not, you can always reach out to our professional services or support team who can help you either put together a new setup or debug an existing setup, respectively. 🙂
One day I'll know how to do all of this myself, but today is not that day. <cringe.gif>
Urvashi
