EDIT: This topic has now been blogged in detail here.
Since the dawn of time, Windows PE (WinPE) has not had any support for the 802.1x authentication protocol. This meant that any network deployment of Windows via a network secured with 802.1x was a non-starter, causing headaches for a few of my customers; I actually had one customer that ran new network cables to a majority of the desks in order to be able to deploy Windows XP over the network.
However, thanks in part to a colleague of mine who worked on this, Microsoft has released hotfixes that now add 802.1x support to both WinPE 2.1 and WinPE 3.0. You can get the hotfixes and further information at the links below:
WinPE 2.1: http://support.microsoft.com/kb/975483
WinPE 3.0: http://support.microsoft.com/kb/972831
I wanted to share the links now, but in the near future I will write up a post on how to use these hotfixes in your deployments.
This post was contributed by Daniel Oxley, a consultant with Microsoft Consulting Services Spain.
OMG, this is the best news I've heard all year. I can't wait for your followup article! This will make my job about a thousand times easier.
Just wondering, how is it that a KB article is published and a Hotfix made available all in lieu of -any- documentation!?
We are still eagerly awaiting Microsoft to show us how it works. In ConfigMgr 2007 OSD would be really handy.
So, Microsoft spent time working on 802.1x support for WinPE, but remains completely silent on supporting PowerShell / .NET in WinPE?
@Nick - if you note, you have to request the hotfix from Microsoft support in order to download it. This is because it is not part of the standard components for WinPE and can be complicated to implement.
The reason that I have not posted a guide for it yet is that I am still working on it. It is important to get it right first time, and make it easy to understand. Unfortunately, work commitments provide me little free time at the moment to work on this (and blogging is something we do in our free time). Rest assured that the article will be posted soon.
@Trevor - 802.1x support was added to WinPE because there were multiple requests made for it, as it was a specific business scenario that our customers had. The failure to deploy computers over a network was an issue that was being experienced by many customers.
Please remember that WinPE is purely an environment used for deploying Windows; consequently, the .NET framework is not included. I can't comment on whether it will be in future versions or not, but if enough customers require it then, assuming that they discuss it with support, a hotfix may very well be provided.
I was intimating that I felt that Microsoft should have held these hotfixes back until such time that it could provide proper documentation with them, in an official manner.
In lieu of it, they are practically useless.
Nothing to do with your blogging, or the documentation that you personally are working on :)
(I feel, quite strongly, that Microsoft shouldn't expect people to have to scour blog posts for the requisite information to use a feature in your products.)
Extremely eager to read through this documentation...
Any chance of getting sight of documentation?
Microsoft has draft documents for configuring this. I opened a premier support ticket and they sent them to me in an unfinished state. I'm still trying to get it working.
Useful information can be found at: http://social.technet.microsoft.com/Forums/en/configmgrosd/thread/d246a2e0-2418-4906-ad04-5f14f858a1cd
Mike - Assuming you're not under any form of NDA etc, would there be any chance you could put a copy of them up somewhere?
First of all, I want to apologise for the lack of responses from me. I need to fix this!
I have not neglected this topic, but as you'll see soon, this is a rather complicated and long article to write as it covers many topics and areas that can be quite difficult.
It has taken me a lot longer to get all of the information together, and a lot of the process has been defined through sheer trial and error. Also, given the fact that I can't test this all in Hyper-V - the publishing of the post has gotten delayed.
I am hoping to publish the post this week or early next week, I need to finish going through it and also test all the steps first to make sure it is right.
Again, apologies for the delay,
I don't see how this WinPE fix can help 802.1x auth unless you create a WinPE disk. Then it's not really PXE-boot either, as you boot from a disk or USB.
When a client tries to connect through an 802.1x enabled port, after you press F12, it sends out a Bootp request to the IP address of the ftp-server where it can download the new image, incl WinPe. However, the client doesn't get an IP address because of the EAPOL authentication. The client has nothing to ID itself with, except for the MAC-address. Hence, this will not fix 802.1x support for PXE boot. Or have I missed out on something?
If the documentation is not ready, could you please guide me as to where I should install this update? We have Windows 2008 WDS, should I install on this server? If yes, it couldn't be installed. Kindly, tell us some basic installation or configuration tips or guidance.
Najam, see this post: http://blogs.technet.com/deploymentguys/archive/2010/03/02/adding-support-for-802-1x-to-winpe.aspx