Connecting Departmentally owned Windows 11 devices to ethernet

By default, Departmentally managed Windows devices will reside on the network 'Open Desktop' or 'Open Laptops'. Some services require that you are on either the 'Desktop' or 'Laptop' authenticated network. Details on how to configure Windows 11 to connect to these authenticated networks are below.

Install the WIN authentication certificate

Download the WIN authentication certificate and double-click the file. Windows will display the certificate details:

Issued to: Certificate Authority

Issued by: Certificate Authority

Valid from 09/04/2019 to 09/04/2039

Confirm that the certificate is correct by clicking on the Details tab and then Issuer. This should display:

CN = Certificate Authority

O = IPA.FMRIB.OX.AC.UK

And the Thumbprint:

 5a0189738642ff6f88c006672352989ed484743d

Return to the General tab and click on 'Install Certificate'. This will launch the certificate import wizard. For single user machines, 'Current User' is fine; multi-user machines should use Local Machine. Click Next.

Select Place all certificates in the following store and click Browse... Select Trusted Root Certification Authorities and click OK.

Enable 802.1x

To enable logins to the network, open the Services control panel: enter 'Services' in the search box on the Windows tool bar, then, on the Services app summary on the right, click on Run as Administrator and enter an administrator's user account credentials if prompted.

Scroll through the list of services to find 'Wired AutoConfig'. Double-click on it, change Startup type to Automatic in the next window, and then click on Start in the Service status section.
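The certificate check and service change above can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the Department's own instructions: it refuses to import the certificate unless the thumbprint and issuer match the values shown on this page. The file name win-auth-ca.cer and the Downloads location are assumptions; dot3svc is the service name of Wired AutoConfig.

```powershell
# Added example: verify the downloaded CA certificate before trusting it,
# then enable the Wired AutoConfig service. Run from an elevated PowerShell.
param(
    # Assumed (hypothetical) file name and location; adjust to where the file was saved.
    [string]$CertPath = "$env:USERPROFILE\Downloads\win-auth-ca.cer",
    # 'CurrentUser' for single user machines, 'LocalMachine' for multi-user machines.
    [ValidateSet('CurrentUser', 'LocalMachine')]
    [string]$Scope = 'CurrentUser'
)

$ErrorActionPreference = 'Stop'

# Values published on this page.
$expectedThumbprint  = '5a0189738642ff6f88c006672352989ed484743d'
$expectedIssuerParts = @('CN=Certificate Authority', 'O=IPA.FMRIB.OX.AC.UK')

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Normalise before comparing: .NET reports the thumbprint in upper-case hex.
$actual = ($cert.Thumbprint -replace '\s', '').ToLowerInvariant()
if ($actual -ne $expectedThumbprint) {
    throw "Thumbprint mismatch: got $actual, expected $expectedThumbprint. Not importing."
}

foreach ($part in $expectedIssuerParts) {
    if ($cert.Issuer -notlike "*$part*") {
        throw "Issuer '$($cert.Issuer)' does not contain '$part'. Not importing."
    }
}

# The page shows 'Issued to' and 'Issued by' as the same name (a self-issued root).
if ($cert.Subject -ne $cert.Issuer) {
    throw "Subject and issuer differ; this is not the self-issued CA certificate."
}

# Only reached when every check passed.
Import-Certificate -FilePath $CertPath -CertStoreLocation "Cert:\$Scope\Root" | Out-Null
Write-Host "Imported $($cert.Subject) into Cert:\$Scope\Root"

# Wired AutoConfig (dot3svc) provides 802.1X authentication on ethernet.
Set-Service -Name dot3svc -StartupType Automatic
Start-Service -Name dot3svc
Get-Service -Name dot3svc | Select-Object Name, Status
```

Importing into the Current User root store still shows the Windows security warning, which repeats the thumbprint for a final visual check.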

Configure Network Logins

In the Windows search field enter Network and open the View Network Connections control panel that will be offered. Identify your ethernet network connection and right click on it, selecting Properties. Enter the admin password if requested. Along the top of this window you should find an Authentication tab. Click on this.

Tick the Enable IEEE 802.1x authentication box and make sure Microsoft: EAP-TTLS is selected. In the Settings, find 'Certificate Authority' and tick it, then confirm that the Client authentication is set to Select a non-EAP method for authentication with Unencrypted password (PAP) selected (this should be the default). Click OK to close the settings.

Now click on Additional Settings...

Tick Specify authentication mode and select User authentication from the drop-down. Click OK.

Make sure that Fallback to unauthorized network access is ticked.

Click OK.

You should now get a prompt to Sign in.

Signing In

Open the Windows Settings application and click on Network & internet. This should show your network connection and indicate that sign in is required. Click Sign in and then view the certificate that is offered. Check that the fingerprint matches the value below:

66 9D 61 23 60 4F EF 94 A6 F5 7D C5 A3 E3 91 E4 58 8A 06

If it does, click Connect and then enter your WIN computer credentials.