URL: https://sysmansquad.com/2021/10/18/get-rid-of-the-continue-connecting-prompt-for-your-policy-configured-wifi-networks/
Submission: On July 08 via api from SG — Scanned from DE

SYSTEMS MANAGEMENT SQUAD

GET RID OF THE “CONTINUE CONNECTING?” PROMPT FOR YOUR POLICY-CONFIGURED WIFI
NETWORKS

Aaron, October 18, 2021, Endpoint Management, 9 Comments

UPDATES AHEAD

Based on comments and other feedback, additional content has been added
below.

As of Windows 11, we noticed that we were getting prompted to continue
connecting to a network that we’d never had a problem with before. It’s already
defined in group policy, so this new behavior is puzzling and annoying. The
certificate in question is for the NPS/RADIUS server our network uses to
validate credentials for the wifi.

I really had no idea how to even begin googling for this problem, but I talked
to some of my fellow nerds on the Winadmins Discord server, tossing around some
ideas on what could be causing this, looking to see whether there was a problem
with the certificate, etc. While I was poking around and testing these
suggestions, I stumbled across the fix.

In the group policy editor, find the defined wifi policies under Computer >
Policies > Windows Settings > Wireless Network (802.11) Policies. Open the
properties for the configuration in question.

On the General tab, find the SSID you’ve configured and click Edit. On the
Security tab, under the authentication method (Microsoft: Protected EAP in my
case), click Properties.

On the Protected EAP Properties tab, the checkmark for “Verify the server’s
identity by validating the certificate” was already checked. The fix ended up
being to select the checkmark by my company’s internal CA service. After
updating the group policy on the laptop in question, the network connects
properly on login again with no further questions.

It is important to note that we’re not specifying what the server names should
be; we are merely selecting which root certificate is allowed to sign any
certificates for the RADIUS/NPS servers that might serve this wifi connection.
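
An added audit example for the settings above (not from the original post): it reads WLAN profile XML of the kind written by `netsh wlan export profile` and flags profiles with no trusted root CA selected, or with a wildcard in the server names, which a reader comment below reports also triggers the prompt on Windows 11. The function name `Test-WlanServerValidation`, the profile names and the thumbprint are hypothetical, and the XML is a constructed, trimmed sample.

```powershell
# Added example. Profile XML is constructed and trimmed; names and thumbprint are placeholders.
$samples = @(
@'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>Corp-NoRootSelected</name>
  <ServerValidation><ServerNames></ServerNames></ServerValidation>
</WLANProfile>
'@,
@'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>Corp-WildcardName</name>
  <ServerValidation>
    <ServerNames>*.corp.example</ServerNames>
    <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>
  </ServerValidation>
</WLANProfile>
'@,
@'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>Corp-RootSelected</name>
  <ServerValidation>
    <ServerNames></ServerNames>
    <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>
  </ServerValidation>
</WLANProfile>
'@
)

function Test-WlanServerValidation {
    param([Parameter(Mandatory)][xml]$WlanProfile)
    # local-name() is used because real exports put the EAP elements in other namespaces
    $name = $WlanProfile.SelectSingleNode("/*/*[local-name()='name']").InnerText
    $sv   = $WlanProfile.SelectSingleNode("//*[local-name()='ServerValidation']")
    $findings = @()
    if ($null -eq $sv) {
        $findings += 'No ServerValidation element found'
    } else {
        # Count only TrustedRootCA elements that actually carry a thumbprint
        $roots = @($sv.SelectNodes("*[local-name()='TrustedRootCA']") |
                   Where-Object { $_.InnerText.Trim() })
        $names = $sv.SelectSingleNode("*[local-name()='ServerNames']")
        if ($roots.Count -eq 0) { $findings += 'No trusted root CA selected' }
        if ($null -ne $names -and $names.InnerText.Contains('*')) {
            $findings += "Wildcard in ServerNames: $($names.InnerText)"
        }
    }
    [pscustomobject]@{ Profile = $name; Findings = $findings -join '; ' }
}
$samples | ForEach-Object { Test-WlanServerValidation -WlanProfile ([xml]$_) } | Format-Table -AutoSize -Wrap
```

To check real profiles, export them with `netsh wlan export profile folder=<dir>` and pass each file as `[xml](Get-Content -Raw <file>)`.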

To answer questions about Intune, there are obvious equivalent settings in
Intune wifi policies. Here is a bare-bones, heavily redacted screenshot from
production that does not show all settings, just the settings relevant to this
topic:

Hopefully this provides some additional clarity, but let me know if it doesn’t.



9 COMMENTS ON “GET RID OF THE “CONTINUE CONNECTING?” PROMPT FOR YOUR
POLICY-CONFIGURED WIFI NETWORKS”

 1. RTG007
    11.05.2021 at 3:14 pm
    
    Thanks, this solved the issue for me as well.
    
 2. Tommy
    12.03.2021 at 12:47 pm
    
    Worked for me as well – thanks for posting this solution.
    
 3. TMW
    12.03.2021 at 12:48 pm
    
    Worked for me as well – thanks for posting this solution.
    
 4. Yme Stechweij
    02.16.2022 at 8:49 am
    
    Do you know how to fix this issue with an Intune setting?
    
    1. Aaron
       02.16.2022 at 4:38 pm
       
       I’ve not yet had the misfortune of having to configure anything on my
       clients with Intune. Presumably if you created a wifi profile inside
       Intune it should also have a way to specify which root CAs are trusted.
       
       Update:
       It does in fact have places to put the same settings. Here are the
       relevant documents:
       https://docs.microsoft.com/en-us/mem/intune/configuration/wi-fi-settings-windows#enterprise-profile
       
       Just search for “dynamic trust” on the page.
       
 5. Json
    02.24.2022 at 9:03 am
    
    Hope this isn’t a stupid question, but what do you mean with “select the
    checkmark by my company’s internal CA service”?
    I also have “Verify the server’s identity by validating the certificate”
    already checked in the policy.
    Thank you!
    
    1. Aaron
       03.11.2022 at 11:59 am
       
       This assumes your company is running an internal Certificate Authority
       and did not buy a certificate from a third party vendor. For example,
       Microsoft has a server role for providing a certificate authority unique
       to your company.
       
 6. James
    03.11.2022 at 9:28 am
    
    The other thing that Windows 11 seems to do is not allow a wildcard in the
    server names field – I had *.school.edu and while it worked fine in Windows
    10, Windows 11 gave users the continue connecting prompt. We already had our
    CA ticked, once I replaced the * with the CN of the certificate, Windows 11
    worked fine.
    
    1. Aaron
       03.11.2022 at 12:00 pm
       
       I just don’t specify their names and each RADIUS server has their own, it
       seems to work out. We push our iPads to the guest wifi so I do not often
       have to care about their weirdness. Thanks for the tip, I am sure it will
       help other people in a similar situation!

