In this example GPO will be used to push an SSID configured for machine authentication using EAP-TLS to Windows 7 domain member systems.
1. Open the domain Group Policy Management snap-in.
2. Create a new GPO or use an existing GPO.
3. Edit the GPO and navigate to Computer Configuration>Policies> Window Settings>Security Settings>Public Key Policies>Wireless Network (IEEE 801.X) Policies.
4. Right Click Wireless Network (IEEE 801.X) Policies and choose Create a New Windows Vista Policy.
5. Provide a Vista Policy Name:.
6. Click Add for Connect to available networks...
7. Choose Infrastructure.
8. On the Connection tab, provide a Profile Name: and enter the SSID of the wireless network for Network Name(s). Click Add.
9. Click the Security tab. Configure the following:
Authentication: WPA2-Enterprise or WPA-Enterprise
Encryption: AES or TKIP
Network Authentication Method: Smart card or other certificate
Authentication mode: Computer Authentication.
10. Click Properties.
11. For Trusted Root Certification Authorities select the check box next to each CA in the Active Directory PKI infrastructure and click OK.
12. Click OK to close out and click Apply on wireless policy page to save the settings.
13. Apply the GPO to the domain or OU containing the domain member computers.