Selecting PEAP-TLS and other PEAP methods in Windows Vista and Windows Server 2008

Windows Vista and Windows Server 2008 support the Protected Extensible Authentication Protocol (PEAP) and the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) and Transport Layer Security (TLS) authentication methods for PEAP. PEAP can be used in Windows Vista and Windows Server 2008 for remote access VPN connections, 802.1X-authenticated wired connections, and for wireless connections that use the 802.1X, WPA-Enterprise, or WPA2-Enterprise security types. By default, PEAP uses PEAP-MS-CHAP v2. The use of PEAP and a PEAP authentication method is required for the 802.1X and VPN NAP enforcement methods.

For VPN and wireless connections in the Network Connections folder, the list of installed PEAP methods is displayed as a normal drop-down list box from the properties of the Microsoft: Protected EAP (PEAP) network authentication method. There is a different procedure when selecting PEAP types from the following locations:

· The Authentication tab of a wired network connection in the Network Connections folder.

· The Security tab of a Wired Network (IEEE 802.3) Policies policy in Group Policy.

· The Security tab of a Wireless Network (IEEE 802.11) Policies policy in Group Policy.

To select PEAP-TLS or additional PEAP authentication methods from these locations, you must first obtain the properties of the Microsoft: Protected EAP (PEAP) network authentication method. In the Protected EAP Properties dialog box, you must click the down arrow for Select Authentication Method, and then click the small up and down arrows just below the larger down arrow to display the installed PEAP authentication methods. Here is an example.

 Example of selecting different PEAP methods

After the desired PEAP authentication type is displayed, click on its name to select it.

For example, the following procedure selects the PEAP-TLS authentication method:

1. In Select Authentication Method, click the down arrow.

2. For PEAP-TLS, in the drop down list, directly below the down arrow, click the small down arrow to display Smart Card or other certificate, and then click Smart Card or other certificate.

Joe Davies
Senior Program Manager