Customize Windows8 dot1x / PEAP WiFi username per SSID

networking wifi windows-8

It's a seemingly simple question.

How can I customize the WPA2 Enterprise username in Windows8, per SSID?

Registry hacks are fine with me.

Hover below for background info (not really required to answer the question):

PROBLEM DETAILS:

We run WPA2 Enterprise (dot1x / PEAP) on our BYOD wlan with rotating credentials; one persistent problem I've not been able to solve is how I can get Windows 8 clients on this network.

The problem is that when people try to join with Windows8, Windows always sends the logged-in user's username by default. That's fine if you're going to use it, but our security policy forces us to use a static BYOD WPA2 Enterprise username and password on our Wireless Controller (rotated regularly).

It's not very hard to change this behavior in Windows 7, but Windows 8 introduced a new level of insanityGUI which makes it very hard to find how you customize the wlan's WPA2 Enterprise username.

ENVIRONMENT DETAILS:

1. People are encouraged to bring their own devices and use two factor IPSec VPN through the BYOD WiFi to their company desktop as they like.

2. This means that the logged in username on the BYOD device cannot be predicted... That's part of the reason for static BYOD WiFi credentials.

3. Even though Windows 8 asks for a WPA2 Enterprise username when you join, by default it overrides it and still uses the wrong username

4. The company network and BYOD network are firewalled from each other for all the obvious reasons.

5. Authentication stores are outside the scope of this question.

@EEAA correctly pointed out that parts of the security policy aren't helpful, but I still need to solve the problem. The problem exists regardless of whether we use a static username or rotating username.

Try this:

  1. Open the Control Panel > Network and Sharing Center
  2. Select your network ID, click on Wireless Properties > Security tab.
  3. Ensure that WPA2 Enterprise is selected as the security type.
  4. Under "Select a network authentication method", select Microsoft: Protected EAP (PEAP).
  5. Next to this drop-down menu, click Settings.
  6. Under "Select Authentication Method", select Secured Password (EAP-MSCHAP v2)
  7. Next to this drop-down menu, click Configure.
  8. Deselect the box that says, "Automatically use my Windows login name and password option (and domain, if any)".

Related

IP addresses denied in /etc/hosts.allow appear in /etc/csf/csf.deny?
How to configure a MikroTik hAP ac lite router as a Layer 2 switch?
NFS Performance issues on Oracle Linux 6.7: Shared libraries on NFS slow down system
What AWS service to avoid CORS issues with S3 static content and aws backends
How do I tell why a systemd service was started?
sftp How to get stat attributes?
Connection timed out on new AWS RDS instances - can connect to older, almost identical RDS with no issue
postfix/smtp: fatal: unknown service: smtp/tcp – but /var/spool/postfix/etc/services exists
RabbitMq Management plugin only on localhost
ssh warning: <no hostip for proxy command>
file copy using restore privilege
Confusion with Jenkins Docker Plugin and Jenkins Docker Slaves