Microsoft Active Directory Group Policy Setting for Wireless Display
Microsoft Active Directory Group Policy settings must allow for Wi-Fi direct communications. Microsoft Windows 7 systems are impacted if Hosted Networks are not allowed. Microsoft Windows 8.1 and 10 systems are impacted if Wi-Fi Direct Groups are not allowed.
Domain Group Policy Settings
On a Microsoft Windows Server 2008 R2 or higher, the domain group policy for wireless network security must allow for Hosted Network and Wi-Fi Direct Groups. The options for Don’t Allow Hosted Networks and Don’t Allow Wi-Fi Direct Groups must be unselected.
Addressing Common Concerns to Allowing Hosted Networks
Hosted networks must be allowed for Microsoft Windows 7 clients to participate in a wireless display session. Foundational information on Hosted Networks is available via Microsoft MSDN [12]. Enabling or disabling hosted networks does not impact wireless display on Microsoft Windows 8.1 or 10 clients.
Security tools outside the scope of this implementation guide can help to identify and remediate client systems of concern, and still allow for hosted networks to be enabled.
There are two main components to a wireless hosted network within the Microsoft Windows 7 operating system:
- Virtualization of a physical wireless adapter
- Software-based access point (“Soft AP”) that is disabled by default
A common, and valid, concern is that the hosted network will be started and the specific wireless connection settings will become known to others. As a reminder, adjusting the settings and starting the “Soft AP” requires a local administrator. If the hosted network is started and active, it will appear as an independent access point in the enterprise environment. If the system is rebooted or resumes from sleep, the hosted network status resets to “not started”.
Since wireless hosted networks were introduced, several aspects of the environment have changed. Users have mobile hotspots, often a smartphone that may be connected to a client system via USB, which effectively bypasses the reason for disabling hosted networks in the first place. Wireless is more pervasive, and sharing via wireless hosted networks may be less of a requirement. An independent wireless access point in a corporate environment with wireless network monitoring tools will typically be detected as a rogue access point and isolated accordingly. Also, as a reminder, starting the hosted network requires local administrative access, which shifts the security question to which users are allowed local administrator rights and to the other attack surfaces that access already provides.
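The following PowerShell audit is an added example, not part of this guide: it parses the output of `netsh wlan show hostednetwork` on a Windows 7 client to confirm that the domain policy described above leaves hosted networks allowed, and to flag a “Soft AP” that is currently started (the independent access point discussed above). It covers the Windows 7 hosted network only, not Wi-Fi Direct groups on Windows 8.1/10, and assumes English-language netsh output; the function name, parameter name and the SSID value are constructed for the example.

```powershell
# Added example (not from the guide): audit the effective hosted network
# policy and current Soft AP state from "netsh wlan show hostednetwork".
# Assumes English netsh labels; they are localized on non-English systems.
function Get-HostedNetworkAudit {
    param(
        # Pass captured text for offline runs; omit to query the live system.
        [string[]]$NetshOutput = (netsh wlan show hostednetwork)
    )
    $result = [ordered]@{ Allowed = $null; Started = $null; Ssid = $null }
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Mode\s*:\s*(\S+)') {
            # "Allowed" when the GPO leaves hosted networks enabled,
            # "Disallowed" when "Don't allow hosted networks" is selected.
            $result.Allowed = ($matches[1] -eq 'Allowed')
        } elseif ($line -match '^\s*Status\s*:\s*(.+?)\s*$') {
            # "Started" means a Soft AP is currently broadcasting.
            $result.Started = ($matches[1] -eq 'Started')
        } elseif ($line -match '^\s*SSID name\s*:\s*"(.*)"') {
            $result.Ssid = $matches[1]
        }
    }
    [pscustomobject]$result
}

# Constructed sample output (hypothetical SSID) for a client where the
# domain policy allows hosted networks and no Soft AP has been started,
# which is the expected steady state for wireless display clients.
$sample = @(
    'Hosted network settings',
    '-----------------------',
    '    Mode                   : Allowed',
    '    SSID name              : "EXAMPLE-SSID"',
    '    Max number of clients  : 100',
    '    Authentication         : WPA2-Personal',
    '    Cipher                 : CCMP',
    '',
    'Hosted network status',
    '---------------------',
    '    Status                 : Not started'
)

$audit = Get-HostedNetworkAudit -NetshOutput $sample
if (-not $audit.Allowed) {
    Write-Warning 'Domain policy blocks hosted networks; Windows 7 wireless display will fail.'
}
if ($audit.Started) {
    Write-Warning "Soft AP '$($audit.Ssid)' is active and will appear as an independent access point."
}
$audit
```

Run `Get-HostedNetworkAudit` without the `-NetshOutput` argument on a domain-joined Windows 7 client after `gpupdate /force` to check the live effective policy.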