Back to Contents

Administrator Tool: Intel(R) PRO/Wireless 3945ABG Network Connection User Guide

The Administrator Tool is used by the person who has administrator privileges on this computer. This tool is used to configure common (shared) profiles, pre-logon profiles, and persistent connection profiles.The Administrator Tool can also be used by an Information Technology department to configure user settings within the Intel(R) PROSet/Wireless software and to create custom install packages to export to other systems.

The Administrator Tool is located on the Tools menu. It must be selected during installation of the Intel PROSet/Wireless software or the feature is not displayed in the Tools menu.

Set Administrator Password

Users cannot modify Administrator settings or profiles unless they have the password for this tool. When you first access the Administrator Tool, you are required to enter a password. The password must not exceed 100 characters. Null passwords are not allowed.

  1. Enter password: Create a password (maximum 100 characters).
  2. Confirm Password: Reenter the password.
  3. Click OK. The Open Administrator Package displays.

To change the existing password:

  1. Click Administrator Tool from the Tools menu.
  2. Click Change Password on the password entry form.
  3. Old Password: Enter the existing password.
  4. New Password: Enter the new password.
  5. Confirm Password: Reenter the new password again.
  6. Click OK to save the new password and enter the Administrator Tool.

Administrator Packages

The Administrator Packages are used to save administrative profiles and other settings. You can copy or send this self-extracting executable to clients on your network. When the executable runs, the contents are installed and configured on the destination computer.

To create a new package:

  1. On the Tools menu, click Administrator Tool.
  2. Enter your password to the Administrator Tool.
  3. Administrator Package: Click Create a new package.
  4. Click OK.
  5. Select either Include Profiles, Include Application Settings, Include Adapter Settings, Include Software, or Include A-ID Groups on the Profiles, Application Settings, Adapter Settings, Software, and EAP-FAST A-ID Groups pages to configure the options to be included in the package.
  6. Click Close.
  7. You are notified: The current package is changed. Would you like to save the changes?
  8. Click Yes. Save the executable file to a directory on the local disk drive.
  9. Click Save. The file is created. NOTE: This process may take several minutes.
  10. Click Finished to view the package contents.

NOTE: You can also select Save Package on the Administrator Tool File Menu to save the package.

To edit a package:

  1. Access the Administrator Tool.
  2. On the Open Administrator Package page, click Open to edit an existing package.
  3. Click Browse. Locate the package's executable file.
  4. Click Open. Make your updates.
  5. Click Close.
  6. You are notified: The current package is changed. Would you like to save the changes?
  7. Click Yes. Save the executable file to a directory on the local disk drive.

NOTE: You can also select Open Package on the Administrator Tool File menu to edit an Administrator Package.

Administrator Profiles

Administrator Profiles are owned and managed by the network administrator or the administrator of this computer. These profiles are common or shared by all users on this computer. However, end users cannot modify these profiles. They can only be modified from the Administrator Tool, which is password protected.

There are three types of Administrator Profiles: Persistent, Pre-Logon/Common and Voice over IP (VoIP).

Persistent Connection

Persistent profiles are applied at boot time or whenever no one is logged on the computer. After a user logs off, a Persistent profile maintains a wireless connection either until the computer is turned off or a different user logs on.

Persistent Connect key points:

NOTE: Intel PROSet/Wireless supports machine certificates. However, they are not displayed in the certificate listings.

To create a Persistent Profile:

  1. Click Include Profiles.
  2. Click Persistent.
  3. Click Add to open the General Settings.
  4. Wireless Network Name (SSID): Enter the network identifier.
  5. Profile Name: Enter a descriptive profile name.
  6. Operating Mode: Network (Infrastructure) is selected.
  7. Administrator Profile Type: Persistent: Active when no users are logged on is selected.
  8. Click Next.
  9. Click Enterprise Security to open the Security Settings. See Enterprise Settings for 802.1x security configuration information.
  10. Click OK.

Pre-Logon Connection

Pre-Logon/Common profiles are applied prior to a user log on. If Single Sign On support is installed, the profile is applied and connection is made prior to the the Windows log on sequence (pre-logon).

If Single Sign On support is not installed, the profile is applied once the user session is active.

Pre-logon/Common profiles always appear at the top of a the Profiles list. A user can still prioritize their own profiles that they have created but they cannot reprioritize Pre-logon/Common Profiles. Since these profiles appear at the top of the profiles list, Intel PROSet/Wireless automatically attempts to connect to the Administrator profiles first before any user created profiles.

NOTE: Only administrators can create or export Pre-Logon/Common profiles.

Pre-Logon Connect key points are:

Pre-Logon/Common Connection Status

Pre-Logon support is installed during a Custom install of the Intel PROSet/Wireless software. Refer to Install and Uninstall the Software for more information.

NOTE: If the Single Sign On or Pre-Logon Connect features are not installed, an administrator is still able to create Pre-Logon/Common profiles for export to a user's computer.

The following describes how the Pre-Logon Connect feature functions from system power-up. The assumption is that there is a saved profile with valid security settings marked with "Use Windows Logon user name and password" that are applied at the time of Windows log on.

  1. After a system power-up, enter your Windows log on domain, user name, and password.
  2. Click OK. The Pre-Logon profile Status page displays the progress of the network connection. After the wireless adapter is connected to the network access point, the Status page closes and the Windows user logs on.

NOTE: A user certificate can only be accessed by a user that has been authenticated on the computer. Therefore, a user should log onto the computer once (using either a wired connection, alternate profile or local log in) before using a pre-logon profile that authenticates with a user certificate

When a user logs off, any wireless connection is disconnected and a persistent profile (if one is available) is applied. Under certain circumstances it is desirable to maintain the current connection (for example, if user specific data needs to be uploaded to the server post-log off or when roaming profiles are used).

Create a profile which is marked as both pre-logon and persistent to achieve this functionality. If such a profile is active when the user logs off, the connection is maintained.

To create a Pre-Logon/Common Profile:

  1. Click Include Profiles.
  2. Click Pre-Logon/Common.
  3. Click Add to open the General Settings.
  4. Wireless Network Name (SSID): Enter the network identifier.
  5. Profile Name: Enter a descriptive profile name.
  6. Operating Mode: Network (Infrastructure) is selected.
  7. Administrator Profile Type: Pre-logon/Common: Active when a user is logged on. This profile is shared by all users. This profile type is already selected.
  8. Click Next.
  9. Click Advanced to open the Advanced Settings. Use the Advanced Settings to set the following:

    An administrator can select the user name format for the authentication server.

    The choices are:

    • user (default)
    • user@domain
    • user@domain.com
    • DOMAIN\user
  10. Click OK to close the Advanced Settings.
  11. Click Enterprise Security to open the Security Settings. See Enterprise Security for 802.1x security configuration information.
  12. Click OK to save the profile and add it to the Administrator profiles list.

    NOTE: If a Persistent connection was already established, a Pre-Login/Common profile is ignored if the profile is configured with both Pre-Logon/Common and Persistent connection options.

Voice over IP (VoIP) Profiles

Intel PROSet/Wireless software supports VoIP third-party soft-phone applications.

Third party VoIP applications support Voice Codecs. Codecs are used to encode voice for transmission across IP networks. Codecs generally provide a compression capability to save network bandwidth.

Intel PROSet/Wireless software supports the following International Telecommunications Union (ITU) codec standards:

Codec

Algorithm

Data Rate (Kbps)

Comments

ITU G.711

PCM (Pulse Code Modulation)

64

G.711 with mu-law used in North America and Japan, while G.711 with A-law used in the rest of the world.

ITU G.722

SBADPCM (Sub-Band Adaptive Differential Pulse Code Modulation)

48, 56 and 64

ITU G.723

Multi-rate Coder

5.3 and 6.4

ITU G.726

ADPCM (Adaptive Differential Pulse Code Modulation)

16, 24, 32, and 40

ITU G.728

LD-CELP (Low-Delay Code Excited Linear Prediction)

16

ITU G.729

CS-ACELP (Conjugate Structure Algebraic-Code Excited Linear Prediction)

8

An administrator can create profiles that use pre-existing VoIP profiles to configure various codec data rates and frame rates to improve voice quality in VoIP transmissions.

To create a VoIP profile:

NOTE: Ensure Voice over IP is not disabled in the Administrator Tool Application Settings. It is enabled by default.

  1. Click Include Profiles.
  2. Select a profile from the list.
  3. Click Properties to open the Create VoIP Profiles page.
  4. Select the Codec bandwidth, application usage and Frame Rate.

Codec

Usage

Frame Rate

  • G711_64kbps
  • G711_56kbps
  • G711_48kbps
  • G722_64kbps
  • G722_56kbps
  • G722_48kbps
  • G722_1_32kbps
  • G722_1_24kbps
  • G722_1_16kbps
  • G723_1_6_4kbps
  • G723_1_5_3kbps
  • G726_16kbps
  • G726_24kbps
  • G726_32kbps
  • G726_40kbps
  • G728_12_8kbps
  • G728_16kbps
  • G729_8kbps
  • G729a_8kbps
  • G729b_8kbps
  • G729ab_8kbps
  • G729d_6_4kbps
  • G729e_8kbps
  • G729e_11_8kbps
  • GIPS_iPCM_VARIABLE
  • G722_2_VARIABLE
  • SPEEX_VARIABLE
  • GIPS_iSAC_VARIABLE
  • Interactive Voice
  • Audio Conference
  • Voice Data
  • Video
  • Streaming Audio
  • 10
  • 20
  • 30
  1. Click OK to return to the Profiles list.
  2. Click Close to save the profile settings to a package.

Administrator Tool Settings

An Administrator can determine which order Administrator profiles are placed in the Administrator Tool's Profiles list.

  1. Click the Administrator Tool Tools menu.
  2. Click Settings to open the Administrator Tool Settings.
  3. Click OK to close and return to the Administrator Tool.

Application Settings

An administrator can select which level of control that users have over their wireless network connections.

To configure Application Settings:

  1. Click Include settings.
  2. Enable or disable each setting listed in the table below.

Name

Description

802.11a Radio On/Off Control

Select Add 802.11a Radio On/Off Selection to allow a user to turn on or off the 802.11a radio on their computer. This adds the 802.11a Radio Off control to the Taskbar menu and the Intel PROSet/Wireless main window on a user's computer.

Once this feature is installed on a user's computer, follow the instructions below to turn on or off the 802.11a radio control.

To turn off the 802.11a Radio:

  1. On the Intel PROSet/Wireless Main window, click the Wireless On button. The list of radio options are displayed.
  2. Select 802.11a Radio Off. The 802.11a radio is now inactive.

To turn on the 802.11a Radio:

  1. On the Intel PROSet/Wireless Main window, click the 802.11a Radio Off button. The list of radio options are displayed.
  2. Select Wireless On. The 802.11a radio is now active.

NOTE: This option is available only for wireless adapters that support 802.11a, 802.11b and 802.11g. This feature is not installed through an Administrator Package when a user's computer has an Intel(R) PRO/Wireless 3945BG Network Connection or an Intel(R) PRO/Wireless 2200BG Network Connection.

802.1x Authentication

 

Enable a user to create or connect to profiles that support different 802.1x authentication EAP types.

Select which 802.1x authentication EAP types you want enabled on a user’s computer: MD5, EAP-SIM, LEAP, TLS, TTLS, PEAP, EAP-FAST.

Administrator Tool

Disable access to the Administrator Tool on a user’s computer.

Application Auto Launch

Select to start a batch file, executable file, or script automatically when a specific profile connects to the network. For example, start a Virtual Private Network (VPN) session automatically whenever a user connects to a wireless network.

Application On Radio Toggle

Enables a third-party application to disable the Intel PROSet/Wireless Wireless On or Wireless Off switch.

CCXv4

Select Enable CCSv4 to Enable Cisco Compatible Extensions, version 4 (CCXv4) features for EAP-FAST profiles.

NOTE: The EAP-FAST A-ID (Authority Identifier) Groups feature in the Administrator Tool is unavailable if CCXv4 is not enabled.

Select which of the following prompts to enable or disable on a user's computer for EAP-FAST PAC provisioning:

Turn on prompt and warnings for unauthenticated provisioning: Option to turn off prompts and warnings for PAC auto-provisioning if there is no PAC or there is no PAC that matches the A-ID sent by the server that it is connected to.

Turn off prompts when switching default server (A-ID): Option to turn off prompts when a client encounters a server that has provisioned a PAC before but is not currently selected as the default server.

Turn off unauthenticated provisioning after PAC is provisioned: Option to turn off auto-provisioning automatically after a PAC for that A-ID has been provisioned.

NOTE: This feature is not installed through an Administrator Package when a user's computer has an Intel(R) PRO/Wireless 3945BG Network Connection, an Intel(R) PRO/Wireless 2915ABG Network Connection, or an Intel(R) PRO/Wireless 2200BG Network Connection.

Cache Credentials

Select to save credentials after a user logs on. If the wireless connection temporarily disconnects, the saved credentials are used upon reconnection. The credentials are cleared when the user logs off.

NOTE: if cleared, The Prompt each time I connect option is unavailable when creating profiles

Device to Device (ad hoc)

Enable or disable whether a user is able to either create ad hoc profiles or join ad hoc networks.

Select one of the following to enable or disable whether the user can connect to device to device networks:

  • Enable device to device networking.
  • Enable secure device to device networking only.
  • Disable device to device networking.

Select to either allow a user to configure profiles with device to device (ad hoc) settings or prevent configuration of device to device (ad hoc) profiles.

  • Show device to device application settings
  • Hide device to device application settings.

To remove the Device to device (Ad hoc) operating mode from the Profile Wizard General Settings, select both Disable device to device networking and Hide device to device application settings. This prevents a user from creating profiles that support Device to device (Ad hoc) network.

Import and Export

Select to import to or export profiles from a user’s computer. Enable permits auto import of user profiles when copied to an auto import folder.

Message On Radio Toggle

Enables a third-party application to notify a user that the Intel PROSet/Wireless radio is either on or off.

Microsoft Windows XP Coexistence

Select Enable Microsoft Wireless Zero Configuration and Intel PROSet/Wireless to coexist on this system.

Enable this option to allow Microsoft Wireless Zero Configuration and Intel PROSet/Wireless to exist together on this system. When you select this option, you prevent Microsoft Windows XP Wireless Zero Configuration Service from being disabled when Intel PROset/Wireless is enabled.

Pre-Logon Cisco Mode

Enable Cisco Mode during a pre-logon connection.

Cisco access points have the capability to support multiple wireless network names (SSIDs) but only broadcast one. In order to connect to such an access point, an attempt is made to connect with each profile. This is referred to as Cisco Mode.

NOTE: The pre-logon connection may take longer to connect.

Profile Connectivity

Select the profile connectivity level on a user’s computer?

Disable Intel Profile Switching. Users are only able to connect with the first Pre-Logon (Common) profile or connect with Pre-Logon profiles only.

  • Allow the user to connect to all administrator profiles.
  • Allow the user to only connect to the first administrator profile.

Security Level

Select the security level on a user's computer?

Users are able to connect to profiles only with this security level.

Single Sign On

Select which Administrator Profile types are enabled on a user computer?

  • Persistent Connection: Profiles are active during start up and when no user is logged onto the computer.
  • Pre-Logon or Common Connection: Profiles are active immediately once a user logs onto the computer.

Common profiles are enabled if Pre-Logon features are not installed on a user’s computer. Common profiles are active after a user has logged on and the session becomes active.

Persistent and Pre-Logon or Common profiles are placed at the top of the user’s profiles list. They cannot be changed or deleted by a user.

Voice over IP

Enables a third-party software to use the VoIP application on a user's computer. The default setting enables this feature.

Wi-Fi Manager

Select which Wi-Fi manager controls a user’s wireless connections. Use either the previous logged on user’s Wi-Fi manager or allow each user to select their preferred Wi-Fi manager.

  • Allow all users to switch between Intel PROSet/Wireless and Microsoft Windows XP Wireless Zero Configuration after log on.
  • Wi-Fi manager at log on is determined by the active Wi-Fi manager when the last user logged off

Close

Closes the Administrator Tool.

Help?

Provides help information for this page.

Adapter Settings

To configure Adapter Settings:

  1. Click Include settings.
  2. For each setting listed in the table below, select one of the following options:

Name

Description

Ad Hoc Channel

There is no need to change the channel unless the other computers in the ad hoc network use a different channel from the default channel.

Value: Select the allowed operating channel from the list.

  • 802.11b/g: Select this option when 802.11b and 802.11b (2.4 GHz) ad hoc band frequency is used.
  • 802.11a: Select this option when 802.11a (5 GHz) ad hoc band frequency is used.

Ad Hoc Power Management

Set power saving features for Device to Device (ad hoc) networks.

  • Disable: Select when connecting to ad hoc networks that contain stations that do not support ad hoc power management
  • Maximum Power Savings: Select to optimize battery life.
  • Noisy Environment: Select to optimize performance or connecting with multiple clients.

NOTE: This feature is not installed through an Administrator Package when a user's computer has an Intel(R) PRO/Wireless 3945BG Network Connection, an Intel PRO/Wireless 2915ABG Network Connection, or an Intel PRO/Wireless 2200BG Network Connection.

Ad Hoc QoS Mode

Quality of Service (QoS) control in ad hoc networks. QoS provides prioritization of traffic from the access point over a wireless LAN based on traffic classification. WMM (Wi-Fi MultiMedia) is the QoS certification of the Wi-Fi Alliance (WFA). When WMM is enabled, the adapter uses WMM to support priority tagging and queuing capabilities for Wi-Fi networks.

  • WMM Enabled.(Default)
  • WMM Disabled

NOTE: This feature is not installed through an Administrator Package when a user's computer has an Intel(R) PRO/Wireless 3945BG Network Connection, an Intel PRO/Wireless 2915ABG Network Connection, or an Intel PRO/Wireless 2200BG Network Connection.

Mixed Mode Protection

Use to avoid data collisions in a mixed 802.11b and 802.11g environment. Request to Send/Clear to Send (RTS/CTS) should be used in an environment where clients may not hear each other. CTS-to-self can be used to gain more throughput in an environment where clients are in close proximity and can hear each other.

Preamble Mode

Changes the preamble length setting received by the access point during an initial connection. Always use a long preamble length to connect to an access point. Auto Tx Preamble allows automatic preamble detection. If supported, short preamble should be used. If not, use long preamble (Long Tx Preamble).

NOTE: This feature is not installed through an Administrator Package when a user's computer has an Intel PRO/Wireless 3945ABG Network Connection.

Power Management

Power Management: Allows you to select a balance between power consumption and adapter performance. The wireless adapter power settings slider sets a balance between the computer's power source and the battery.

Select a balance between power consumption and adapter performance.
PSP - Power Saving Mode
CAM - Constantly Awake Mode

Select one of the Power Saving Mode levels:

PSP CAM: The client adapter is powered up continuously.
PSP Level 1: PSP set at maximum power.
PSP Levels 2-4: PSP set to maximize power.
PSP Level 5: PSP set to maximize battery life.
PSP Auto: Default in PSP Level 6: Balances between power consumption and battery life.

NOTE: Power consumption savings vary based on infrastructure settings.

Roaming Aggressiveness

This setting allows you to define how aggressively a wireless client roams to improve connection to an access point.

Click Use default value to balance between not roaming and performance or select a value from the list.

Values:

0: No Roaming: Your wireless client does not roam. Only significant link quality degradation causes it to roam to another access point
1-3: Allow Roaming
2: Default: Balances between not roaming and performance. Click Use default value to select.
4: Maximum Roaming.

Throughput Enhancement

Change the value of the Packet Burst Control.

  • Enable: Select to enable throughput enhancement.
  • Disable: (Default) - Select to disable throughput enhancement.

Transmit Power

If you decrease the transmit power, you reduce the radio coverage.

Default Setting: Highest power setting

Values:

TX Minimum: Lowest Minimum Coverage: Set the adapter to a lowest transmit power. Enable you to expand the number of coverage areas or confine a coverage area. Reduce the coverage area in high traffic areas to improve overall transmission quality and avoid congestion and interference with other devices.
TX Level 1
TX Level 2
TX Level 3
TX Maximum: Highest Maximum Coverage: Set the adapter to a maximum transmit power level. Select for maximum performance and range in environments with limited additional radio devices.

NOTE: The optimal setting is for a user to always set the transmit power at the lowest possible level still compatible with the quality of their communication. This allows the maximum number of wireless devices to operate in dense areas and reduce interference with other devices that this radio shares radio spectrum with.

NOTE: This setting takes effect when either Infrastructure or Ad hoc mode is used.

Wireless Mode

Select which band to use for connection to a wireless network:

  • 802.11a only: Connect the wireless adapter to 802.11a networks only.
  • 802.11b only: Connect the wireless adapter to 802.11b networks only.
  • 802.11g only: Connect the wireless adapter to 802.11g networks only.  
  • 802.11a and 802.11g only: Connect the wireless adapter to 802.11a and 802.11g networks only.
  • 802.11b and 802.11g only: Connect the wireless adapter to 802.11b and 802.11g networks only.
  • 802.11a, 802.11b, and 802.11g: (Default) - Connect to either 802.11a, 802.11b or 802.11g wireless networks.

NOTE: These wireless modes (modulation types) determine the discovered access points displayed in the Wireless Networks list.

OK

Saves settings and return to the previous page.

Close

Closes the page and cancels any changes.

Help?

Provides help information for this page.

Software

Select which of the Intel PROSet/Wireless applications are installed on a user's computers.

  1. Select Include Software.
  2. Place the Intel PROSet/Wireless installation CD in the CD drive.
  3. Specify the Intel PROSet/Wireless Software Installation program: Click Browse to locate the Autorun.exe file.
  4. Click OK.
  5. Specify which components you want to export: Select which applications to install on a user's computer.

NOTE: If you plan to use Novell(R) Client(TM) for Windows, it should be installed prior to installation of the Intel PROSet/Wireless software. If Intel PROSet/Wireless is already installed, you should remove it prior to installation of Novell Client for Windows.

EAP-FAST A-ID Groups

NOTE: This feature is unavailable if CCXv4 is not selected in the Administrator Tool Application Settings

An Authority Identifier (A-ID) is the radius server that provisions Protected Access Credential (PACs) A-ID groups. A-ID groups are shared by all users of the computer and allow EAP-FAST profiles to support multiple PACs from multiple A-IDs.

The A-ID groups can be pre-configured by the administrator and set up through an Administrator Package on a user's computer. When a wireless network profile encounters a server with an A-ID within the same group, it uses this PAC without a prompt to the user.

To add an A-ID Group:

  1. Select Include A-ID Groups.
  2. Click Add. Enter a new A-ID group name.
  3. Click OK. The A-ID group is added to the A-ID Group list.

If the A-ID group is locked, then additional A-IDs cannot be added to the group.

To add an A-ID to an A-ID group.

  1. Select a group from the A-ID Groups list.
  2. Click Add in the A-IDs section.
  3. Enter a new A-ID.
  4. Click OK. The A-ID is added to the list.

Administrator Tasks

How to Obtain a Client Certificate

If you do not have any certificates for EAP-TLS (TLS) or EAP-TTLS (TTLS) you must obtain a client certificate to allow authentication.

Certificates are managed from either Internet Explorer or the Microsoft Windows Control Panel.

Microsoft Windows XP and Microsoft Windows 2000: When a client certificate is obtained, do not enable strong private key protection. If you enable strong private key protection for a certificate, you need to enter an access password for the certificate every time this certificate is used. You must disable strong private key protection for the certificate if you configure the service for TLS or TTLS authentication. Otherwise, the 802.1x service fails authentication because there is no logged in user to provide the required password.

Notes about Smart Cards

After a Smart Card is installed, the certificate is automatically installed on your computer and is chosen from the personal certificate store and root certificate store.

Set up the Client for TLS authentication

Step 1: Obtain a certificate

To allow TLS authentication, you need a valid client certificate in the local repository for the logged-in user's account.  You also need a trusted CA certificate in the root store.

The following information provides two methods for obtaining a certificate:

If you do not know how to obtain a user certificate from the CA, consult your administrator for the procedure.

To install the CA on the local machine:

  1. Obtain the CA and store it on your local drive.
  2. Click Import. The Certificate Import Wizard opens.
  3. Click Next.
  4. Click Browse to locate the certificate on your local drive.
  5. Click the exported certificate.
  6. Click Open.
  7. Click Next.
  8. Click Place all certificates in the following store.
  9. Click Browse to open the Select Certificate Store.
  10. Click Show physical stores.
  11. Click OK.
  12. From the list of stores, scroll up and expand Trusted Root Certificate Authorities.
  13. Click Local Computer.
  14. Click OK.
  15. Click Next.
  16. Click Finish to complete the process.
  17. Reboot after a certificate is installed.

Use Microsoft Management Console (MMC) to verify that the CA is installed in the machine store.

  1. In the Start menu, click Run.
  2. Enter MMC.
  3. Click OK to open The Microsoft Management Console.
  4. Click File.
  5. Click Add/Remove Snap-in.
  6. Click Add to open the Add Standalone Snap-in page.
  7. Click Certificates.
  8. Click Add.
  9. Click Computer account.
  10. Click Next.
  11. Click Finish.
  12. Click Close.
  13. Click OK.
  14. In the console, click Certificates (Local Computer).
  15. Click Trusted Root Certificate Authorities.
  16. Click Certificates.
  17. Verify that the CA you just installed is listed.
  18. Click File.
  19. Click Exit to close the console.

Obtain a certificate from a Microsoft Windows 2000 CA:

  1. Start Internet Explorer and browse to the Certificate Authority HTTP Service (use an URL such as http://yourdomainserver.yourdomain/certsrv with certsrv being the command that brings you to the certificate authority. You can also use the IP address of the server machine. For example, "192.0.2.12/certsrv."
  2. Logon to the CA with the name and password of the user account you created on the authentication server. The name and password do not have to be the same as the Windows log on name and password of the current user.
  3. On the Welcome page of the CA, select Request a certificate task and submit the form.
  4. Choose Request Type: Select Advanced request.
  5. Click Next.
  6. Advanced Certificate Requests: Select Submit a certificate request to this CA using a form.
  7. Click Submit.
  8. Advanced Certificate Request: Select User certificate template.
  9. Click Mark keys as exportable.
  10. Click Next. Use the provided defaults.
  11. Certificate Issued: Click Install this certificate.

NOTE: If this is the first certificate you have obtained, the CA first asks you if it should install a trusted CA certificate in the root store. This is not a trusted CA certificate. The name on the certificate is that of the host of the CA. Click Yes. You need this certificate for both TLS and TTLS.

  1. If your certificate was successfully installed, you see the message, "Your new certificate has been successfully installed."
  2. To verify the installation, click Internet Explorer > Tools > Internet Options > Content > Certificates. The new certificate should be installed in the Personal folder.

Import a Certificate from a File

  1. Open Internet Properties (right-click on the Internet Explorer icon on the desktop.
  2. Select Properties.
  3. Content: Click Certificates. The list of installed certificates appears.
  4. Click Import to open the Certificate Import Wizard.
  5. Select the file.
  6. Specify your access password for the file. Clear Enable strong private key protection.
  7. Certificate store: Click Automatically select certificate store based on the type of certificate (the certificate must be in the user accounts personal store to be accessible).
  8. Proceed to Completing the Certificate Import and click Finish.

To configure a profile with WPA authentication with WEP or TKIP encryption that uses TLS authentication:

NOTE: Obtain and install a client certificate, refer to Step 1 or consult your administrator.

Specify the certificate used by Intel PROSet/Wireless

  1. On the Profile page, click Add to open General Settings.
  2. Profile Name: Enter a profile name.
  3. Wireless Network Name (SSID): Enter the network identifier.
  4. Operating Mode: Click Network (Infrastructure).
  5. Click Next to access the Security Settings.
  6. Click Enterprise Security.
  7. Network Authentication: Select Open (Recommended).
  8. Data Encryption: Select WEP.
  9. 802.1x Enabled: Selected.
  10. Authentication Type: Select TLS.

Step 1 of 2: TLS User

  1. Obtain and install a client certificate.
  2. Select one of the following to obtain a certificate:
  1. Click Next.

Step 2 of 2: TLS Server

  1. Select one of the following options:

Notes about Certificates: The specified identity should match the Issued to identity in the certificate and should be registered on the authentication server (for example, RADIUS server) that is used by the authenticator. Your certificate must be valid with respect to the authentication server. This requirement depends on the authentication server and generally means that the authentication server must know the issuer of your certificate as a Certificate Authority. Use the same user name you used to log in when the certificate was installed.

  1. Click OK. The profile is added to the Profiles list.
  2. Click the new profile at the end of the Profiles list. Use the up and down arrows to change the priority of the new profile.
  3. Click Connect to connect to the selected wireless network.
  4. Click OK to close Intel PROSet/Wireless.

Back to Top

Back to Contents

Trademarks and Disclaimers