=== Notice ===
This group policy should only be used by admins who are not able to use the non-ADMX setting under:
Computer Configuration -> Centrify Settings -> Mac OS X Settings -> 802.1X Settings -> Enable User Wi-Fi Profile
Non-ADMX settings will take precedence over this ADMX setting.
=== Setting Instructions ===
Open "Enable User Wi-fi Profile (ADMX)"
1. Click Enabled
2. Click Show to add the details of the Wi-Fi Profile
3. Each row corresponds to a Wi-Fi Profile with the string
ssid:{SSID},securityType:0/1,autoJoin:0/1,hiddenNetwork:0/1,proxyPACURL:{URL},proxyPACFallback:0/1
where:
SSID - SSID, any string
Security Type - 0: WEP Enterprise, 1: WPA/WPA2 Enterprise (Default: 1)
Auto join - 0: unchecked, 1: checked (Default: 1 - Checked)
Hidden network - 0: unchecked, 1: checked (Default: 0 - Unchecked)
Proxy PAC URL - The URL of the PAC file that defines the proxy configuration, any string (Default: empty).
Proxy PAC Fallback - If false, prevents the device from connecting directly to the destination if the PAC file is unreachable. 0: unchecked, 1: checked (Default: 0 - Unchecked)
Example: ssid:User,securityType:0,autoJoin:1,hiddenNetwork:0,proxyPACURL:http://myserver.mycompany.com/myproxy.pac,proxyPACFallback:0
4. Click OK and "Apply" to close.
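A pre-deployment check for the profile strings described in step 3, as an added example that is not part of the original page or of Centrify's tooling. It assumes omitted fields take the listed defaults and that a new field starts only at a comma followed by a known key name; the function names and the `pac.example.test` host are hypothetical.

```python
import re

# Fields and defaults as listed on this page; assumption: omitted fields take these defaults.
DEFAULTS = {"ssid": None, "securityType": "1", "autoJoin": "1",
            "hiddenNetwork": "0", "proxyPACURL": "", "proxyPACFallback": "0"}
FLAGS = ("securityType", "autoJoin", "hiddenNetwork", "proxyPACFallback")
# Assumption: a new field starts only at ",<known key>:", so commas and colons
# inside an SSID or PAC URL stay part of the value.
_SPLIT = re.compile(r",(?=(?:%s):)" % "|".join(DEFAULTS))


def parse_profile(row):
    """Parse one WifiProfile_{number} string into a dict with defaults applied."""
    fields = dict(DEFAULTS)
    seen = set()
    for part in _SPLIT.split(row.strip()):
        key, sep, value = part.partition(":")
        if not sep or key not in DEFAULTS:
            raise ValueError("unknown or malformed field: %r" % part)
        if key in seen:
            raise ValueError("duplicate field: %s" % key)
        seen.add(key)
        fields[key] = value
    if not fields["ssid"]:
        raise ValueError("ssid is required")
    for key in FLAGS:
        if fields[key] not in ("0", "1"):
            raise ValueError("%s must be 0 or 1, got %r" % (key, fields[key]))
    return fields


def audit_profile(row):
    """Return review findings for one profile row (empty list = nothing flagged)."""
    p = parse_profile(row)
    findings = []
    if p["securityType"] == "0":
        findings.append("securityType:0 selects WEP Enterprise; prefer 1 (WPA/WPA2 Enterprise)")
    if p["proxyPACURL"].lower().startswith("http://"):
        findings.append("proxyPACURL is fetched over plain HTTP and can be altered in transit")
    if p["proxyPACURL"] and p["proxyPACFallback"] == "1":
        findings.append("proxyPACFallback:1 allows direct connections when the PAC file is unreachable")
    return findings


# Constructed rows: the page's own example, and a stricter variant with a hypothetical host.
PAGE_EXAMPLE = ("ssid:User,securityType:0,autoJoin:1,hiddenNetwork:0,"
                "proxyPACURL:http://myserver.mycompany.com/myproxy.pac,proxyPACFallback:0")
STRICT = "ssid:Corp,proxyPACURL:https://pac.example.test/proxy.pac"
```

Run `audit_profile` over each row before pasting it into the Show dialog; a `ValueError` means the row does not match the format above.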
=== Setting Details ===
This policy currently supports the TLS protocol for certificate-based authentication as the user.
By default, the auto-enrolled user certificates are pushed down to ~/.centrify/autouser_(name).{cert,key,chain}. They are also imported into each user's respective login keychain.
Note that the user must perform the following steps manually after login to authenticate to the network as him/herself:
1. Go to System Preferences > Network > Wi-Fi.
2. Click on "Disconnect" to disconnect existing 802.1X connections, if any. (For example, if the machine 802.1X Wi-Fi policy has been set, the Mac will already be authenticated using the machine credential.)
3. Click on "Connect". This prompts the user with a list of available identities (certificate-key pair).
4. Choose the appropriate auto-enrolled user identity (certificate-key pair).
Also note that the resulting profile will be signed using the first available auto-enrolled machine certificates, which are under /var/centrify/net/certs/auto_(name).{cert,key,chain} by default.
If one is not available, the profile will be unsigned.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Mac\8021X |
Value Name | UserWifiProfileEnableADMX |
Value Type | REG_SZ |
Enabled Value | ON |
Disabled Value | OFF |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Centrify\CentrifyDC\Settings\Mac\8021X\userwifiprofile\WifiProfileADMX |
Value Name | WifiProfile_{number} |
Value Type | REG_SZ |
Default Value |