In my lab environment I have a ‘Lab Users’ OU that I will apply this group policy to.
Open Group Policy Management and right click the ‘Lab Users’ Group, select ‘Create GPO in this domain, and Link it here…’.
![Create new GPO](https://i0.wp.com/blog.couttsnet.com/wp-content/uploads/2022/03/Create-new-GPO-1.jpg?resize=468%2C512&ssl=1)
Give it a name, e.g. ‘802.1x Group Policy’, and then navigate to ‘Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services’ and enable the ‘Wired AutoConfig’ service. Without enabling the ‘Wired AutoConfig’ service it will not be possible to configure 802.1x on wired interfaces.
![Wired AutoConfig](https://i0.wp.com/blog.couttsnet.com/wp-content/uploads/2022/03/wired-autoconfig.jpg?resize=580%2C421&ssl=1)
Next browse to ‘Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Wired Network’ and create a policy called ‘Wired 802.1x’ policy.
![Wired 802.1x Policy](https://i0.wp.com/blog.couttsnet.com/wp-content/uploads/2022/03/wired_802.1x_policy_general.jpg?resize=580%2C421&ssl=1)
On the ‘Security’ tab select ‘Smart Card or tother certificate’ , ‘user or computer authentication’, and ensure ‘Max Authentication Failures’ is set to 3 (this fixes a ‘user logging into a machine for the first time so no certificate exists’ scenario).
![Wired 802.1x Settings](https://i0.wp.com/blog.couttsnet.com/wp-content/uploads/2022/03/wired_802.1x_security.jpg?resize=408%2C512&ssl=1)