We are distributing wireless profiles in our Windows domain (AD servers are 2012, domain level is 2008, various client Windows versions - mostly Win7 and Win10). However, it seems we just cannot achieve the goal we want to achieve regarding saved credentials. Under "Computer configuration" - "Policies" - "Windows settings" - "Security settings" - "Wireless network policies (IEEE 802.11)", we created a "Vista and later" policy with one profile, and this has in its security pane the (seemingly only applicable) setting "Cache user information for subsequent connections to this network".
- If we uncheck this option, users are asked for their username and password each time they connect to our WLAN. The problem with this is that we'd prefer if the credentials do not have to be entered so often.
- If we check this option, users are asked only once and never again. The problem with this is that the user is not even asked for credentials if the password has been changed in the meantime and so the saved password has become invalid. In this situation, there seems to be no way for the user to re-obtain WLAN connectivity.
Questions:
- Is there any way for the users to update the login credentials with the second scenario above?
- Preferably, is there any way to configure the profile such that connection failure due to login failure makes the username/password dialog pop up, thus allowing the user to store the changed credentials?
My dirty workaround!
Created a new GP that…
On the GP Security Filtering removed Authenticated User and when needed added the Computer device, where the user needs to change their GP wi-fi profile password.
Obviously this requires abit of communication with the end user that needs to re-enter their password.