Cisco Secure Services Client Administrator Guide, Release 4.2
Distribution Package Examples

The following are examples of valid .xml distribution package files from typical enterprise environments. The file listings are annotated with cross-references, such as (1) and (2), to the features indicated in the high-level descriptions. The file sscAdminGuideExXml.zip, which is also distributed in the SSCAdminUtils zip file, contains all of these examples as individual .xml files, giving you a convenient starting point that is easy to edit as text.


Note: In all of the examples, the license string is functionally invalid. Replace it with one appropriate to your application.


High-level Descriptions

Example B-1—Illustrates only the base elements of a distribution package. No networks are defined in this example. (Use Example B-1.)

Example B-2—Illustrates the addition of minimal, nonauthenticating, open (1) Wi-Fi and (2) wired networks. (Use Example B-2.)

Example B-3—Illustrates (1) a nonauthenticating, WPA personal Wi-Fi network with the following properties:

(2) user connection context

(3) WPA-Personal association with TKIP encryption

Such a network would be applicable to any corporate-supplied home equipment (where you configure the key) that your end-user might have for connecting to your enterprise network remotely. (Use Example B-3.)


Note: Any of the following authenticating Wi-Fi network definitions can be extracted and used in a wired authenticating network by removing the associationMode element. Extract the following:

<authenticationNetwork>
    Retain everything else: ...
    Remove this: <associationMode>...</associationMode>
</authenticationNetwork>
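
The extraction described in this note, as an added example in Python (not part of the Cisco guide or its sample files): it copies the authenticationNetwork element out of a Wi-Fi definition, drops associationMode, and wraps the result in a wiredNetwork. The sample listing is constructed in the shape of Example B-6, and placing displayName followed by authenticationNetwork inside wiredNetwork is an assumption based on Example B-2 and the note.

```python
import copy
import re
import xml.etree.ElementTree as ET

# Constructed sample: a Wi-Fi network in the shape of Example B-6, trimmed,
# with the "(n)" callout markers kept as the page prints them.
WIFI_LISTING = """\
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
(1)         <authenticationNetwork>
(2)             <userAuthentication>
                    <collectionMethod>
(3)                     <singleSignOn/>
                    </collectionMethod>
                    <eapMethods>
(4)                     <eapFast>
                            <validateServerIdentity>true</validateServerIdentity>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
                    <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
"""

CALLOUT = re.compile(r"^\(\d+\)", re.MULTILINE)


def strip_callouts(listing):
    """Blank the leading "(n)" markers; they are page cross-references, not XML."""
    return CALLOUT.sub(lambda m: " " * len(m.group()), listing)


def wifi_to_wired(wifi_listing, display_name):
    """Build a wiredNetwork element from an authenticating wifiNetwork listing."""
    wifi = ET.fromstring(strip_callouts(wifi_listing))
    auth = wifi.find("authenticationNetwork")
    if auth is None:
        raise ValueError("no authenticationNetwork: open and shared-key networks do not qualify")
    auth = copy.deepcopy(auth)                 # leave the parsed Wi-Fi tree untouched
    for mode in auth.findall("associationMode"):
        auth.remove(mode)                      # the one element the note says to remove
    wired = ET.Element("wiredNetwork")         # assumed layout: displayName, then the network
    ET.SubElement(wired, "displayName").text = display_name
    wired.append(auth)
    ET.indent(wired, space="    ")             # Python 3.9+
    return wired


if __name__ == "__main__":
    print(ET.tostring(wifi_to_wired(WIFI_LISTING, "My Corporate Wired Network"), encoding="unicode"))
```
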


Example B-4—Illustrates (1) an authenticating Wi-Fi network with the following properties:

(2) machine/user connection context

(3) user password credentials obtained from an initial, one-time prompt
(4) machine password obtained automatically from the MS Active Directory setup

(5) single, tunneled EAP method

(6) server certificate validation based on release 4.0 functionality

(Use Example B-4.)

Example B-5—Illustrates (1) an authenticating Wi-Fi network with the following properties:

(2) machine/user connection context

(3) user password credentials obtained from the operating system (single-signon)
(4) machine credential obtained automatically from the MS Active Directory setup

(5) multiple, tunneled EAP methods

(6) server certificate validation based on multiple authentication server rules and release 4.1 (7) CA certificate deployment support

(Use Example B-5.)

Example B-6—Illustrates (1) an authenticating, Wi-Fi network with the following properties:

Novell domain compatible network

(2) user connection context

(3) user password credentials obtained from the OS (single-signon)

(4) single, tunneled EAP method

(5) server certificate validation based on release 4.0 functionality

(Use Example B-6.)

Example B-7—Illustrates (1) an authenticating, Wi-Fi network with the following properties:

(2) machine connection context

(3) machine credentials obtained from release 4.1 static credential support

(4) single, tunneled EAP method

(5) server certificate validation based on release 4.0 functionality

(Use Example B-7.)

Example B-8—Illustrates (1) an authenticating, Wi-Fi network with the following properties:

(2) user connection context

(3) user client certificate credentials obtained from a smartcard

(4) TLS EAP method

(5) server certificate validation based on release 4.0 functionality

(Use Example B-8.)

Example B-9a—Illustrates (1) an authenticating Wi-Fi network with the following properties:

(2) user connection context

(3) user password credentials obtained from an initial, one-time prompt

(4) EAP-FAST-GTC method (autonomous, authenticated PAC provisioning)

(5) server certificate validation for PAC provisioning based on release 4.0 functionality

(Use Example B-9a.)

Example B-9b—Illustrates (1) an authenticating Wi-Fi network with the following properties:

(2) user connection context

(3) user password credentials obtained from an initial, one-time prompt

(4) EAP-FAST-GTC method (autonomous, unauthenticated PAC provisioning)

(5) server AID validation for PAC provisioning based on release 4.0 functionality

(Use Example B-9b.)

Example B-9c—Illustrates (1) an authenticating Wi-Fi network with the following properties:

(2) user connection context

(3) user password credentials obtained from an initial, one-time prompt

(4) FAST EAP-MSCHAPv2 method with release 4.1 manual PAC provisioning support
(Cisco ACS server configured for no autonomous PAC provisioning.)

(5) no server validation

(Use Example B-9c.)

Example B-10—Illustrates (1) an authenticating Wi-Fi network with the following properties:

(2) user connection context

(3) user password credentials obtained from new release 4.1 static credential support

(4) single, tunneled EAP method

(5) server certificate validation based on release 4.0 functionality

(Use Example B-10.)

Example B-11—Illustrates (1) a wired-only version with the following properties:

(2) preset end-user version

(3) authenticating network only

(4) machine and user connection context

(5) FAST EAP method only

(6) server certificate validation

(Use Example B-11.)

File Listings

Example B-1

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-2

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(2)     <wiredNetwork>
            <displayName>My Corporate Wired Network</displayName>
            <openNetworkMachineConnection/>
        </wiredNetwork>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
            <openNetworkUserConnection>
                <autoConnect>true</autoConnect>
            </openNetworkUserConnection>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-3

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
            <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
        <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <sharedKeyNetwork>
(2)             <userConnection>
                    <keySettings>
(3)                     <wpa>
                            <key>
                                <ascii encrypt="true">mySecret</ascii>
                            </key>
                            <encryption>TKIP</encryption>
                        </wpa>
                    </keySettings>
                    <autoConnect>true</autoConnect>
                </userConnection>
            </sharedKeyNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-4

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
(5)         <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(6)         <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
(3)         <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <machineUserAuthentication>
                    <machine>
                        <collectionMethod>
(4)                         <auto/>
                        </collectionMethod>
                        <unprotectedIdentityPattern>host/anonymous</unprotectedIdentityPattern>
                        <protectedIdentityPattern>host/&lt;fqhn&gt;</protectedIdentityPattern>
                    </machine>
                    <user>
                        <autoConnect>
                            <connectBeforeLogon>true</connectBeforeLogon>
                        </autoConnect>
                        <collectionMethod>
(3)                         <prompt>
                                <credentialsStorage>
                                    <forever/>
                                </credentialsStorage>
                            </prompt>
                        </collectionMethod>
                        <unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>
                        <protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>
                    </user>
                    <eapMethods>
(5)                     <eapFast>
(6)                         <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </machineUserAuthentication>
                <serverValidation>
(6)                 <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-5

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="21">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
(5)         <eapFast/>
(5)         <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(6)         <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <machineUserAuthentication>
                    <machine>
                        <collectionMethod>
(4)                         <auto/>
                        </collectionMethod>
                        <unprotectedIdentityPattern>host/anonymous</unprotectedIdentityPattern>
                        <protectedIdentityPattern>host/&lt;fqhn&gt;</protectedIdentityPattern>
                    </machine>
                    <user>
                        <autoConnect>
                            <connectBeforeLogon>true</connectBeforeLogon>
                        </autoConnect>
                        <collectionMethod>
(3)                         <singleSignOn/>
                        </collectionMethod>
                        <unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>
                        <protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>
                    </user>
                    <eapMethods>
(5)                     <eapFast>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
(5)                     <eapPeap>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>false</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapPeap>
                    </eapMethods>
                </machineUserAuthentication>
                <serverValidation>
(6)                 <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                        <matchSubjectAlternativeName name="Cert Rule 3" match="endsWith">myCorp2.net</matchSubjectAlternativeName>
                    </validationRules>
                    <trustedRootCACerts>
(7)                     <certificate>
                            <caReference>E:\path\CaCertFile</caReference>
                        </certificate>
                    </trustedRootCACerts>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>
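
An added example in Python (not part of the Cisco guide or its sample files) that turns a package back into the kind of high-level description given earlier and compares each authenticating network with the allowedEapMethods and allowedAssociationModes lists. It assumes those lists bound what a network may use, as the element names and the matching (5) callouts suggest; the sample is Example B-5 trimmed, with both lists narrowed so the check reports something.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: Example B-5 trimmed, with the two allowed* lists narrowed
# so the cross-check has something to report. "(n)" callouts kept as printed.
PACKAGE = """\
<configuration major_version="4" minor_version="2">
    <networkPolicy>
        <allowedAssociationModes>
            <wpa2-Enterprise/>
        </allowedAssociationModes>
        <allowedEapMethods>
(5)         <eapFast/>
        </allowedEapMethods>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
(1)         <authenticationNetwork>
(2)             <machineUserAuthentication>
                    <machine><collectionMethod><auto/></collectionMethod></machine>
                    <user><collectionMethod><singleSignOn/></collectionMethod></user>
                    <eapMethods>
(5)                     <eapFast><innerEapMethods><eapMschapv2/><eapGtc/></innerEapMethods></eapFast>
(5)                     <eapPeap><innerEapMethods><eapMschapv2/><eapGtc/></innerEapMethods></eapPeap>
                    </eapMethods>
                </machineUserAuthentication>
                <serverValidation>
(6)                 <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustedRootCACerts>
(7)                     <certificate><caReference>E:\\path\\CaCertFile</caReference></certificate>
                    </trustedRootCACerts>
                </serverValidation>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
</configuration>
"""

CALLOUT = re.compile(r"^\(\d+\)", re.MULTILINE)


def strip_callouts(listing):
    """Blank the leading "(n)" markers; they are page cross-references, not XML."""
    return CALLOUT.sub(lambda m: " " * len(m.group()), listing)


def tags(parent, path):
    """Tag names of the elements matched by `path` under `parent`."""
    return [e.tag for e in parent.iterfind(path)]


def summarize(package_xml):
    """Return one dict per authenticating network, with policy mismatches."""
    root = ET.fromstring(strip_callouts(package_xml))
    allowed_modes = set(tags(root, "networkPolicy/allowedAssociationModes/*"))
    allowed_eap = set(tags(root, "networkPolicy/allowedEapMethods/*"))
    report = []
    for net in root.iterfind("networks/*"):
        auth = net.find("authenticationNetwork")
        if auth is None:          # open or shared-key network: nothing to check here
            continue
        eap = tags(auth, "*/eapMethods/*")           # outer methods only
        modes = tags(auth, "associationMode/*")      # absent on wired networks
        # Collapse whitespace so a rule value wrapped across lines still compares equal.
        rules = [(r.tag, r.get("match"), " ".join((r.text or "").split()))
                 for r in auth.iterfind("serverValidation/validationRules/*")]
        if auth.find("serverValidation/trustAnyRootCaFromOs") is not None:
            trust = "any root CA in the OS store"
        elif auth.find("serverValidation/trustedRootCACerts") is not None:
            trust = "CA certificates deployed with the package"
        else:
            trust = None
        report.append({
            "name": net.findtext("displayName"),
            "context": auth[0].tag,                  # assumes the context element comes first
            "collection": tags(auth, ".//collectionMethod/*"),
            "eap": eap,
            "association": modes,
            "rules": rules,
            "trust": trust,
            "not_allowed": sorted((set(eap) - allowed_eap) | (set(modes) - allowed_modes)),
        })
    return report


if __name__ == "__main__":
    print(summarize(PACKAGE))
```
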

Example B-6

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
(4)         <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(5)         <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>true</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
(3)                     <singleSignOn/>
                    </collectionMethod>
                    <unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>
                    <protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>
                    <eapMethods>
(4)                     <eapFast>
(5)                         <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                                <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
(5)                 <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-7

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
            <eapFast/>
(4)         <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(5)         <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <machineAuthentication>
                    <collectionMethod>
(3)                     <static/>
                    </collectionMethod>
(3)                 <unprotectedIdentityPattern>anonymous</unprotectedIdentityPattern>
(3)                 <protectedIdentityPattern>machineName</protectedIdentityPattern>
(3)                 <staticPassword encrypt="true">machineSecret</staticPassword>
                    <eapMethods>
(4)                     <eapPeap>
                            <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                            </innerEapMethods>
                        </eapPeap>
                    </eapMethods>
                </machineAuthentication>
                <serverValidation>
(5)                 <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-8

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
(4)         <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(5)         <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
(3)         <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>false</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
                        <prompt>
                            <credentialsStorage>
(3)                             <logonSession/>
                            </credentialsStorage>
                        </prompt>
                    </collectionMethod>
                    <unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>
                    <protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>
                    <eapMethods>
(4)                     <eapFast>
(5)                         <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <certificateSource>
(3)                             <smartCardOnlyCertificate/>
                            </certificateSource>
                            <innerEapMethods>
(4)                             <eapTls>
                                    <validateServerIdentity>true</validateServerIdentity>
                                </eapTls>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
(5)                 <validationRules>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-9a

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
(4)         <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(5)         <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
(3)         <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>false</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
(3)                     <prompt>
                            <credentialsStorage>
                                <forever/>
                            </credentialsStorage>
                        </prompt>
                    </collectionMethod>
                    <unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>
                    <protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>
                    <eapMethods>
(4)                     <eapFast>
(5)                         <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
(4)                             <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
(5)                 <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-9b

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
(4)         <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(5)         <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
(3)         <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>false</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
(3)                     <prompt>
                            <credentialsStorage>
                                <forever/>
                            </credentialsStorage>
                        </prompt>
                    </collectionMethod>
                    <unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>
                    <protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>
                    <eapMethods>
(4)                     <eapFast>
(5)                         <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
(4)                             <eapMschapv2/>
(4)                             <eapGtc/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
(5)                 <trustedServerIds>
                        <trustedServerId name="PAC AID Rule 1">
                            <reference>
                                <aIdReference>E:\path\pacRefFile</aIdReference>
                                <secretKey>1234</secretKey>
                            </reference>
                        </trustedServerId>
                    </trustedServerIds>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-9c

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
(4)         <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(5)         <allowUserValidationControl/>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
(3)         <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>false</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
(3)                     <prompt>
                            <credentialsStorage>
                                <forever/>
                            </credentialsStorage>
                        </prompt>
                    </collectionMethod>
                    <unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>
                    <protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>
(4)                 <pacs>
                        <pac>
                            <pacReference encrypt="true">E:\path\pacFile</pacReference>
                            <secretKey encrypt="true">pacPassword</secretKey>
                        </pac>
                    </pacs>
                    <eapMethods>
(4)                     <eapFast>
(5)                         <validateServerIdentity>false</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
(4)                             <eapMschapv2/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-10

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes>
            <!--open network-->
            <open/>
            <!--shared key network-->
            <wpa-Personal/>
            <wpa2-Personal/>
            <!--authenticating network-->
            <wpa-Enterprise/>
            <wpa2-Enterprise/>
            <!--legacy WEP shared key and authenticating networks-->
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <!--wired only-->
            <eapMd5/>
            <eapMschapv2/>
            <eapGtc/>
            <!--wired or wireless-->
(4)         <eapFast/>
            <eapPeap/>
            <eapTls/>
            <eapTtls/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(5)         <alwaysValidate>
                <allowUserTrustedServers>true</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
            <duration>5</duration>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
            <ssid>MyCorpNet</ssid>
            <associationRetries>3</associationRetries>
            <beaconing>true</beaconing>
(1)         <authenticationNetwork>
(2)             <userAuthentication>
                    <autoConnect>
                        <connectBeforeLogon>false</connectBeforeLogon>
                    </autoConnect>
                    <collectionMethod>
(3)                     <static/>
                    </collectionMethod>
(3)                 <unprotectedIdentityPattern>anonymous@engr.myCompany.com</unprotectedIdentityPattern>
(3)                 <protectedIdentityPattern>userName</protectedIdentityPattern>
(3)                 <staticPassword encrypt="true">userSecret</staticPassword>
                    <eapMethods>
(4)                     <eapFast>
(5)                         <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <serverValidation>
(5)                 <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>true</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
        <clientUIType>configurable</clientUIType>
        <allowLicensing>false</allowLicensing>
        <allowedMedia>
            <wired/>
            <wifi/>
        </allowedMedia>
    </userControlPolicy>
</configuration>

Example B-11

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">
<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>
    <networkPolicy>
        <allowedAssociationModes></allowedAssociationModes>
        <allowedEapMethods>
(5)         <eapFast/>
        </allowedEapMethods>
        <serverValidationPolicy>
(6)         <alwaysValidate>
                <allowUserTrustedServers>false</allowUserTrustedServers>
            </alwaysValidate>
        </serverValidationPolicy>
        <allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>
        <allowedCredentialStorage>
            <forever/>
            <logonSession/>
        </allowedCredentialStorage>
        <allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>
        <allowPublicProfileCreation>false</allowPublicProfileCreation>
        <allowedClientCertificates>
            <noEkuFilter/>
        </allowedClientCertificates>
    </networkPolicy>
    <networks>
(1)     <wiredNetwork>
            <displayName>My Corporate Wired Network</displayName>
(3)         <authenticationNetwork>
(4)             <machineUserAuthentication>
                    <machine>
                        <collectionMethod>
                            <auto/>
                        </collectionMethod>
                        <unprotectedIdentityPattern>host/anonymous</unprotectedIdentityPattern>
                        <protectedIdentityPattern>host/&lt;fqhn&gt;</protectedIdentityPattern>
                    </machine>
                    <user>
                        <autoConnect>
                            <connectBeforeLogon>true</connectBeforeLogon>
                        </autoConnect>
                        <collectionMethod>
                            <singleSignOn/>
                        </collectionMethod>
                        <unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>
                        <protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>
                    </user>
                    <eapMethods>
(5)                     <eapFast>
(6)                         <validateServerIdentity>true</validateServerIdentity>
                            <enableFastReconnect>true</enableFastReconnect>
                            <protectClientCertificate>true</protectClientCertificate>
                            <innerEapMethods>
                                <eapMschapv2/>
                            </innerEapMethods>
                        </eapFast>
                    </eapMethods>
                </machineUserAuthentication>
                <serverValidation>
(6)                 <validationRules>
                        <matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>
                        <matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>
                    </validationRules>
                    <trustAnyRootCaFromOs/>
                </serverValidation>
                <interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>
                <nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>
            </authenticationNetwork>
        </wiredNetwork>
    </networks>
    <stationSettings>
        <simultaneousConnections>singleHomed</simultaneousConnections>
        <validateWpaHandshake>false</validateWpaHandshake>
    </stationSettings>
    <userControlPolicy>
(2)     <clientUIType>preset</clientUIType>
        <allowLicensing>false</allowLicensing>
(1)     <allowedMedia>
            <wired/>
        </allowedMedia>
    </userControlPolicy>
</configuration>
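
The following script is an added example, not part of the Cisco guide or the SSC tooling. It blanks the "(n)" margin callouts used in these listings and reports settings that deserve review before a package is distributed, such as validateServerIdentity set to false in Example B-9c and TKIP in the associationMode of the Wi-Fi examples. The sample input is constructed (a cut-down package modeled on Example B-9c), and the reading of allowUserValidationControl is an assumption based on the element name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modeled on Example B-9c (cut down), keeping the "(n)"
# margin callouts exactly as the printed listings show them.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<configuration major_version="4" minor_version="2">
    <networkPolicy>
        <allowedAssociationModes>
            <wpa2-Enterprise/>
            <wep/>
        </allowedAssociationModes>
        <allowedEapMethods>
            <eapMd5/>
(4)         <eapFast/>
            <leap/>
        </allowedEapMethods>
        <serverValidationPolicy>
(5)         <allowUserValidationControl/>
        </serverValidationPolicy>
    </networkPolicy>
    <networks>
(1)     <wifiNetwork>
            <displayName>My Corporate Wi-Fi Network</displayName>
(1)         <authenticationNetwork>
(2)             <userAuthentication>
                    <collectionMethod>
(3)                     <prompt>
                            <credentialsStorage><forever/></credentialsStorage>
                        </prompt>
                    </collectionMethod>
                    <eapMethods>
(4)                     <eapFast>
(5)                         <validateServerIdentity>false</validateServerIdentity>
                        </eapFast>
                    </eapMethods>
                </userAuthentication>
                <associationMode>
                    <wpa-Enterprise>TKIP</wpa-Enterprise>
                </associationMode>
            </authenticationNetwork>
        </wifiNetwork>
    </networks>
</configuration>
"""

# Policy entries worth flagging: WEP keys are recoverable from captured
# traffic, LEAP is open to offline dictionary attack, and EAP-MD5 neither
# authenticates the server nor derives session keys.
LEGACY = {"wep": "WEP", "leap": "LEAP", "eapMd5": "EAP-MD5"}


def strip_callouts(listing):
    """Blank out leading "(n)" cross-reference markers, keeping indentation."""
    return re.sub(r"^\(\d+\)", lambda m: " " * len(m.group()), listing, flags=re.M)


def audit_package(listing):
    """Return (scope, finding) tuples for settings that deserve review."""
    root = ET.fromstring(strip_callouts(listing))
    findings = []
    policy = root.find("networkPolicy")
    if policy is not None:
        for group in ("allowedAssociationModes", "allowedEapMethods"):
            for entry in policy.findall(group + "/*"):
                if entry.tag in LEGACY:
                    findings.append(("policy", "permits " + LEGACY[entry.tag]))
        # Assumption from the element name: the end user may switch
        # server validation off.
        if policy.find("serverValidationPolicy/allowUserValidationControl") is not None:
            findings.append(("policy", "server validation left to the user"))
    for net in root.findall("networks/*"):
        name = net.findtext("displayName", default="(unnamed)")
        # An EAP method that carries validateServerIdentity=false accepts
        # any authentication server, including a rogue one.
        for method in net.iter():
            flag = method.findtext("validateServerIdentity")
            if flag is not None and flag.strip().lower() == "false":
                findings.append((name, method.tag + " does not validate the server"))
        # TKIP is deprecated in IEEE 802.11; AES (CCMP) is the replacement.
        for mode in net.findall(".//associationMode/*"):
            if (mode.text or "").strip().upper() == "TKIP":
                findings.append((name, mode.tag + " uses TKIP"))
        if net.find(".//credentialsStorage/forever") is not None:
            findings.append((name, "prompted credentials stored forever"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_package(SAMPLE):
        print(f"{scope}: {finding}")
```

The checks read only element names and values that appear in the listings on this page; a package that passes them still has to validate against distributionPackage.xsd.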