Bulk Deploy Additional EAP-TTLS Configuration on Windows via MDM | Admin Guide - Zoho Directory

Prerequisites

  1. Organization owner
  2. Organization admin
  3. Technician role in ManageEngine Endpoint Central

Cloud RADIUS secures Wi-Fi access by authenticating devices before granting access. However, Mac and Windows devices require manual setup, such as adding certificates and configuring security methods. In large organizations, this manual process is time-consuming and error-prone. Zoho One addresses this through Zoho ManageEngine Endpoint Central (MDM), which lets IT teams push Wi-Fi configurations in bulk using custom scripts and profiles.

Step 1: Prepare the Wi-Fi Profile

  1. Edit the provided XML code by replacing all instances of Your_SSID_Name with your actual Wi-Fi SSID.

    <?xml version="1.0"?>
    <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
      <name>Your_SSID_Name</name>
      <SSIDConfig>
        <SSID>
          <name>Your_SSID_Name</name>
        </SSID>
      </SSIDConfig>
      <connectionType>ESS</connectionType>
      <connectionMode>auto</connectionMode>
      <MSM>
        <security>
          <authEncryption>
            <authentication>WPA2</authentication>
            <encryption>AES</encryption>
            <useOneX>true</useOneX>
          </authEncryption>
          <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
            <cacheUserData>true</cacheUserData>
            <authMode>user</authMode>
            <EAPConfig>
              <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                <EapMethod>
                  <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type>
                  <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
                  <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
                  <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId>
                </EapMethod>
                <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                  <EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1">
                    <ServerValidation>
                      <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
                      <ServerNames></ServerNames>
                    </ServerValidation>
                    <Phase2Authentication>
                      <PAPAuthentication/>
                    </Phase2Authentication>
                    <Phase1Identity>
                      <IdentityPrivacy>false</IdentityPrivacy>
                    </Phase1Identity>
                  </EapTtls>
                </Config>
              </EapHostConfig>
            </EAPConfig>
          </OneX>
        </security>
      </MSM>
    </WLANProfile>

  2. Save this edited code as "WiFi-Profile.xml" in your local storage.
  3. Edit the custom script provided below to reference the path of the saved XML file.

    netsh wlan add profile filename=".\WiFi-Profile.xml" user=all

  4. Save this script as "Radius.bat".
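
Before uploading WiFi-Profile.xml, it helps to confirm that the Step 1 edit was made and to see how the profile validates the RADIUS server, since the template leaves ServerNames empty and uses PAP as the inner method. The Python check below is an added example, not part of Zoho's guide or tooling; the finding codes, the sample_profile helper and the name radius.example.com are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1",
      "c": "http://www.microsoft.com/provisioning/EapCommon",
      "t": "http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"}
PLACEHOLDER = "Your_SSID_Name"  # placeholder text from the guide's template

def sample_profile(ssid=PLACEHOLDER, server_names=""):
    """Constructed, trimmed copy of the guide's profile (only the elements checked below)."""
    return (
        '<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
        f'<name>{ssid}</name><SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>'
        '<MSM><security><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>'
        '<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod>'
        '<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type></EapMethod>'
        '<Config><EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1">'
        f'<ServerValidation><ServerNames>{server_names}</ServerNames></ServerValidation>'
        '<Phase2Authentication><PAPAuthentication/></Phase2Authentication>'
        '</EapTtls></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>'
    )

def lint_profile(xml_text):
    """Return finding codes for a WLAN profile; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    findings = []
    names = [root.findtext("w:name", "", NS),
             root.findtext("w:SSIDConfig/w:SSID/w:name", "", NS)]
    if PLACEHOLDER in names or "" in names:
        findings.append("ssid-placeholder")      # the Step 1 edit was skipped
    elif names[0] != names[1]:
        findings.append("ssid-mismatch")         # the guide sets both <name> elements to the SSID
    if root.findtext(".//c:Type", "", NS).strip() != "21":
        findings.append("not-eap-ttls")          # EAP type 21 is EAP-TTLS
    ttls = root.find(".//t:EapTtls", NS)
    if ttls is None:
        return findings + ["no-ttls-config"]
    pinned = (ttls.findtext("t:ServerValidation/t:ServerNames", "", NS) or "").strip()
    if not pinned:
        findings.append("server-name-unpinned")  # no restriction on the RADIUS server's certificate name
    if not pinned and ttls.find("t:Phase2Authentication/t:PAPAuthentication", NS) is not None:
        # PAP hands the password to whichever server terminates the TLS tunnel,
        # so it is only as safe as the server validation above.
        findings.append("pap-unpinned")
    return findings

if __name__ == "__main__":
    print(lint_profile(sample_profile()))
```

To check a real file, pass its contents to lint_profile, for example `lint_profile(open("WiFi-Profile.xml", "rb").read())`.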

Step 2: Add script to Repository in Endpoint Central

  1. Sign in to ManageEngine Endpoint Central. If you are a new user, you can sign up to create an account.
  2. Click Configurations on the top bar.
  3. In the left menu, under Settings, click Script Repository.
  4. Click +Add Script.
  5. Browse and upload the renamed custom script "Radius.bat" from your local storage.
  6. Select Windows from the Platform dropdown.
  7. Click Add to save it in the repository.

Step 3: Create configuration in Endpoint Central

  1. In the Configurations tab in ManageEngine Endpoint Central, click Configuration.
  2. Click Windows from the dropdown.
  3. Click the Computer Configuration icon next to Custom Script.
  4. Enter a valid script name. Do not use special characters in the script name.
  5. Click Create/Modify Script next to Script Name to attach the custom script. Choose the uploaded custom script "Radius.bat" using the dropdown.

    Info
    Selecting Create/Modify Script opens the script management page for adding or editing scripts. If the script is already added, select it from the dropdown. If not, follow the steps in the "Add script to Repository" section (Step 2) to add a new script.

  6. In the Dependency field, browse and upload the "WiFi-Profile.xml" file that you created in Step 1.
  7. Under Define Target, select Default Remote Office in the dropdown. You can filter the content using the dropdown after selecting Default Remote Office. Select Computer from the dropdown on the left and your applicable devices from the dropdown on the right.
    1. (Optional) Use Execution Settings to configure the number of retry attempts in case this configuration fails on the targeted devices.
  8. Click Deploy or Deploy Immediately as per the priority.