We have 200-odd wireless-only laptops that I want to put on a domain. The wireless authentication is user-based, so establishing a wireless connection before the logon is not possible, i.e. machine authentication is not possible.
However, the credentials for wireless auth and the domain are the same. Is it possible to configure the machines so Windows tries to establish the wireless connection as the first part of the logon process, i.e. SSO?
Just to make things more complicated, the wireless system uses a supplicant (SecureW2) for authentication.
A portion of the information on this page is relevant to your question. http://technet.microsoft.com/en-us/library/bb727033.aspx
I agree that removal of SecureW2 from the required configuration would likely aid in accomplishing this task.
We're running into the exact same problem with our campus network. The essentially user-space login page means that workstation-logon isn't working, so the workstations aren't getting their Group Policies updated. The work-around for our laptop maintainers is to plug the laptop into the wire after they're done staging it up in order to get the GPOs cached locally. GPO-based software installs just don't work, and we need it to.
What we're doing to fix this is to use a NAC solution and a separate SSID for these laptops. The NAC client ensures the system is ours and allowed to talk. We're also really looking into 802.1x systems as a way to solve it more permanently.
The network has (thankfully) moved away from SecureW2 and to straight AD-based auth, so it ties in with Windows much more nicely. Together with single sign-on, it almost works perfectly (machine group policy still isn't there yet though...)