best practice - giving out work wifi pwd?
fredmoogie
Member Posts: 80 ■■□□□□□□□□
What's the best way to allow a user to connect to a work wifi network (without him knowing the pwd)? we're using both win7 and mac os x.
if i type it in for him/her, he/she would still know what it is by going to security tab and show text.
so, what are my options?
if i type it in for him/her, he/she would still know what it is by going to security tab and show text.
so, what are my options?
Comments
-
sratakhin Member Posts: 818You can create a non-admin account on the user's machine and safely type the password. To reveal it, the user will have to provide admin's credentials.
Also, you may consider creating a guest network with limited access to the internal network. -
ptilsen Member Posts: 2,835 ■■■■■■■■■■If your goal is to provide employees access without providing a pre-shared key, there are several possible solutions.
Given an AD environment (for Windows) and any kind of device management solution for the Mac(s), you can deploy PSKs/wireless settings via GPO and scripts, respectively. This can be used to provide access to the wireless without actually telling the users the PSK. However, given admin rights and sufficient knowledge users could still retrieve it. I would assume in this context that is acceptable.
A better approach would be to deploy 802.1x and RADIUS ("Enterprise" authentication). This can allow you to use smart cards, computer certificates, other tokens or even biometrics to authenticate, rather than passwords. Once again, given the proper management solutions in place, these can be deployed transparently on a per-user and/or per-computer basis. AD (or any LDAP) credentials can also be used, meaning each user would connect using his or her standard credentials. In the case of the latter, this doesn't prevent users from sharing credentials, but they have those credentials anyway and could still share them.
As a compliment to any solution, I generally recommend deploying an Internet-only WiFi for guests or other employees. If the idea is to prevent employees from sharing WiFi passwords with unauthorized users, this helps prevent the desire to do so in the first place.