In my lab environment I have a ‘Lab Users’ OU that I will apply this group policy to.
Open Group Policy Management, right-click the ‘Lab Users’ OU, and select ‘Create a GPO in this domain, and Link it here…’.
Give it a name, e.g. ‘802.1x Group Policy’, and then navigate to ‘Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services’ and enable the ‘Wired AutoConfig’ service. Without enabling the ‘Wired AutoConfig’ service it will not be possible to configure 802.1x on wired interfaces.
Next, browse to ‘Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Wired Network’ and create a policy called ‘Wired 802.1x’.
On the ‘Security’ tab select ‘Smart Card or other certificate’, ‘user or computer authentication’, and ensure ‘Max Authentication Failures’ is set to 3 (this fixes a ‘user logging into a machine for the first time so no certificate exists’ scenario).
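To confirm the settings above actually reached a client, the following check can be run on a domain-joined machine that is in scope of the GPO. It is an added example, not part of the original walkthrough; it assumes the GPO name ‘802.1x Group Policy’ used above, an elevated PowerShell session, and that `gpupdate /force` has already been run.

```powershell
# Added verification example (not from the original post).
# Assumptions: elevated session, GPO named as in the steps above.
$gpoName = '802.1x Group Policy'
$checks  = [ordered]@{}

# 1. Wired AutoConfig (service name dot3svc) should be set to start
#    automatically and be running; without it no wired 802.1x profile is used.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='dot3svc'"
$checks['Wired AutoConfig present']   = [bool]$svc
$checks['Wired AutoConfig automatic'] = [bool]($svc -and $svc.StartMode -eq 'Auto')
$checks['Wired AutoConfig running']   = [bool]($svc -and $svc.State -eq 'Running')

# 2. The GPO should appear in the computer-scope policy results.
#    gpresult prints text, so look for the GPO name in its output.
$rsop = & gpresult.exe /r /scope computer 2>&1 | Out-String
$checks['GPO listed in gpresult'] = $rsop.Contains($gpoName)

# Report each check and remember whether anything failed.
$failed = $false
foreach ($name in $checks.Keys) {
    if ($checks[$name]) {
        Write-Host "[ OK ] $name"
    } else {
        Write-Host "[FAIL] $name"
        $failed = $true
    }
}

# 3. Show what the wired stack reports. The output is localized, so it is
#    printed for review rather than parsed: look for the 'Wired 802.1x'
#    settings on the profile and the 802.1x state on each interface.
if ($checks['Wired AutoConfig running']) {
    Write-Host "`n--- netsh lan show profiles ---"
    & netsh.exe lan show profiles
    Write-Host "`n--- netsh lan show interfaces ---"
    & netsh.exe lan show interfaces
} else {
    Write-Host "`nSkipping netsh lan output: Wired AutoConfig is not running."
}

if ($failed) { exit 1 }
```

Because the service and wired policy live under Computer Configuration, a failed GPO check usually means the computer account is not in an OU the GPO is linked to.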