Deploying Certificates to Users and Computers
The following sections provide recommendations for deploying the necessary certificates for 802.1x authentication for wireless networks.
When implementing 802.1x authentication, it is recommended to use Windows Server 2008 Network Policy Server (NPS) as the RADIUS server. The implementation of computer running Windows Server 2008 allows you to restrict certificate-based authentication to certificates with a designated OID in the certificate, such as a custom application policy OID.
To enable autoenrollment of the RAS and IAS Server certificates:
Ensure that the RADIUS server’s computer account has membership in a custom universal or global group assigned Read, Enroll, and Autoenroll permissions ...