Windows: Wi-Fi profile settings
Windows
: Wi-Fi
profile settingsWindows : Wi-Fi profile setting | Description |
---|---|
Connect automatically when this network is in range | This setting specifies whether devices can connect automatically to the Wi-Fi network. |
Security type | This setting specifies the type of security that the Wi-Fi network uses.Possible values:
The default value is "Open." |
Encryption type | This setting specifies the encryption method that the Wi-Fi network uses.The "Security type" setting determines which encryption types are supported and the default value for this setting. Possible values:
|
WEP key | This setting specifies the WEP key for the Wi-Fi network. The WEP key must be 10 or 26 hexadecimal characters (0-9, A-F) or 5 or 13 alphanumeric characters (0-9, A-Z).Examples of hexadecimal key values are ABCDEF0123 or ABCDEF0123456789ABCDEF0123. Examples of alphanumeric key values are abCD5 or abCDefGHijKL1. This setting is valid only if the "Security type" setting is set to "Open" and the "Encryption type" is set to "WEP." |
Key index | This setting specifies the position of the matching key stored on the wireless access point. This setting is valid only if the "Security type" setting is set to "Open" and the "Encryption type" is set to "WEP." The possible values are from 1 to 4. The default value is 2. |
Preshared key | This setting specifies the preshared key for the Wi-Fi network.This setting is valid only if the "Security type" setting is set to " WPA-Personal ." |
Enable single sign-on | This setting specifies whether the Wi-Fi network supports single sign-on authentication. This setting is valid only if the "Security type" setting is set to " WPA-Enterprise " or "WPA2-Enterprise ." |
Single sign-on type | This setting specifies when single sign-on authentication is performed. When set to “Perform immediately before user login”, single sign-on is performed before the user logs in to your organization’s Active Directory. When set to “Perform immediately after user login”, single sign-on is performed immediately after the user logs in to your organization’s Active Directory. This setting is valid only if the “Enable single sign-on" setting is selected. Possible values:
The default value is “Perform immediately before user login.” |
Maximum delay for connectivity | This setting specifies, in seconds, the maximum delay before the single sign-on connection attempt fails. This setting is valid only if the “Enable single sign-on" setting is selected. The possible values are from 0 to 120 seconds. The default value is "10 seconds." |
Allow additional dialogs to be displayed during single sign-on | This setting specifies whether a device can display dialog boxes beyond the login screen. For example, if an EAP authentication type requires a user to confirm the certificate sent from server during authentication, the device can display the dialog box. This setting is valid only if the “Enable single sign-on" setting is selected. |
This network uses separate virtual LANs for machine and user authentication | This setting specifies whether the VLAN used by a device changes based on the user's login information. For example, if the device is placed on one VLAN when it starts, and then — based on user permissions — transitions to a different VLAN network after the user logs in. This setting is valid only if the “Enable single sign-on" setting is selected. |
Validate server certificate | This setting specifies whether a device must validate the server certificate that verifies the identity of the wireless access point. This setting is valid only if the "Security type" setting is set to " WPA-Enterprise " or "WPA2-Enterprise ." |
Do not prompt user to authorize new servers or trusted certification authorities | This setting specifies whether a user is prompted to trust the server certificate. This setting is valid only if the “Validate server certificate" setting is selected. |
CA certificate profiles | This setting specifies the CA certificate profile that provides the root of trust for the server certificate that the wireless access point uses. This setting limits the root CAs that devices trust to the selected CAs. If you do not select any trusted root CAs, devices trust all root CAs listed in their trusted root certification authority store. This setting is valid only if the “Validate server certificate" setting is selected. |
Enable fast reconnect | This setting specifies whether the Wi-Fi network supports fast reconnect for PEAP authentication across multiple wireless access points. This setting is valid only if the "Security type" setting is set to " WPA-Enterprise " or "WPA2-Enterprise ." |
Enforce NAP | This setting specifies whether the Wi-Fi network uses NAP to perform system health checks on devices to verify that they meet health requirements, before connections to the network are permitted.This setting is valid only if the "Security type" setting is set to " WPA-Enterprise " or "WPA2-Enterprise ." |
Enable FIPS mode | This setting specifies whether the Wi-Fi network supports compliance with the FIPS 140-2 standard.This setting is valid only if the "Security type" setting is set to "WPA2-Enterprise" or "WPA2-Personal" and the "Encryption type" is set to "AES." |
Enable PMK caching | This setting specifies whether a device can cache the PMK to turn on WPA2 fast roaming. Fast roaming skips 802.1X settings with a wireless access point that the device authenticated with previously.This setting is valid only if the "Security type" setting is set to "WPA2-Enterprise." |
PMK time to live | This setting specifies the duration, in minutes, that a device can store the PMK in cache. This setting is valid only if the “Enable PMK caching" setting is selected. The possible values are from 5 to 1440 minutes. The default value is 720 minutes. |
Number of entries in PMK cache | This setting specifies the maximum number of PMK entries that a device can store in cache. This setting is valid only if the “Enable PMK caching" setting is selected. The possible values are from 1 to 255. The default value is 128. |
This network uses preauthentication | This setting specifies whether the access point supports preauthentication for WPA2 fast roaming. Preauthentication allows devices that connect to one wireless access point to perform 802.1X settings with other wireless access points within its range. Preauthentication stores the PMK and its associated information in the PMK cache. When the device connects to a wireless access point with which it has preauthenticated, it uses the cached PMK information to reduce the time required to authenticate and connect. This setting is valid only if the “Enable PMK caching" setting is selected. |
Maximum preauthentication attempts | This setting specifies the maximum number of allowed preauthentication attempts. This setting is valid only if the “This network uses preauthentication" setting is selected. The possible values are from 1 to 16. The default value is 3. |
Proxy type | This setting specifies the type of proxy configuration for the Wi-Fi profile. Possible settings:
The default setting is "Manual configuration." This setting applies only to Windows 10
Mobile devices. |
PAC URL | This setting specifies the URL for the web server that hosts the PAC file and the PAC file name in the format http://<web_server_URL>/<filename>.pac. This setting is valid only if the "Proxy type" setting is set to "PAC configuration." |
Address | This setting specifies the server name and port for the network proxy. Use the format host:port (for example, server01.example.com:123). The host must be one of the following:
This setting is valid only if the "Proxy type" setting is set to "Manual configuration." |
Web Proxy Autodiscovery | This setting specifies whether to enable the Web Proxy Autodiscovery Protocol (WPAD) for proxy lookup. This setting is valid only if the "Proxy type" setting is set to "Web Proxy Autodiscovery." By default, the check box is not selected. |
Turn off Internet connectivity checks | This setting specifies whether to turn off Internet connectivity checks. By default, the check box is not selected. |
Associated SCEP profile | This setting specifies the associated SCEP profile that a device uses to obtain a client certificate to authenticate with the Wi-Fi network. |