Cisco Secure Services Client アドミニストレータ ガイド Software Release 4.2.0
配信パッケージの例
配信パッケージの例
発行日;2012/02/04 | ドキュメントご利用ガイド | ダウンロード ; この章pdf , ドキュメント全体pdf (PDF - 1MB) | フィードバック

目次

配信パッケージの例

詳細

ファイル一覧

配信パッケージの例

次は、一般的な企業環境に有効な .xml 配信パッケージ ファイルの例を示しています。ファイル一覧は、詳細で示されている機能への相互参照によって補強されています。SSCAdminUtils zip ファイルで配布されるファイル sscAdminGuideExXml.zip には、個別の .xml ファイルの形式ですべての例が組み込まれ、開始ポイントとして使用して、容易にテキストを編集できます。


) ここに示すすべての例で、ライセンス文字列は機能的に無効になっています。アプリケーションに適したものと置き換えてください。


詳細

例 B-1 - 配信パッケージの基本エレメントのみを示しています。この例ではネットワークが定義されていません (例 B-1 を使用します)。

例 B-2 - 最小限の、認証なしのオープン(1)Wi-Fi および(2)有線ネットワークの追加を示しています (例 B-2 を使用します)。

例 B-3 - 次のプロパティの、認証なしの WPA Personal Wi-Fi ネットワークを示しています。

(2)ユーザ接続コンテキスト

(3)TKIP 暗号化による WPA-Personal アソシエーション

このタイプのネットワークは、エンドユーザが企業ネットワークにリモートで接続できる、企業提供の自宅用設備(キーを設定)に適用されます(例 B-3 を使用します)。


) 次の認証 Wi-Fi ネットワーク定義はいずれも、associationMode エレメントを削除して抽出すると、有線の認証ネットワークに使用することができます。次のように抽出します。

<authenticationNetwork>
Retain otherwise: .....
Remove this:<associationMode>...</associationMode>
</authenticationNetwork>


 

例 B-4 - 次のプロパティの、認証 Wi-Fi ネットワークを示しています。

(2)マシン/ユーザ接続コンテキスト

(3)最初にワンタイムの要求でユーザ パスワードのクレデンシャルを取得

(4)マシンのパスワードは Microsoft Active Directry のセットアップから自動取得

(5)単一の、トンネル EAP メソッド

(6)リリース 4.0 の機能に基づくサーバ確認

例 B-4 を使用します)。

例 B-5 - 次のプロパティの、認証 Wi-Fi ネットワークを示しています。

(2)マシン/ユーザ接続コンテキスト

(3)オペレーティング システムからユーザ パスワードのクレデンシャルを取得(シングルサインオン)

(4)マシン クレデンシャルは Microsoft Active Directry のセットアップから自動取得

(5)複数の、トンネル EAP メソッド

(6)複数の認証サーバの規則、およびリリース 4.1 (7) の CA 証明書展開サポートによるサーバ証明書の確認

例 B-5 を使用します)。

例 B-6 - 次のプロパティの、認証 Wi-Fi ネットワークを示しています。

Novell ドメイン互換ネットワーク

(2)ユーザ接続コンテキスト

(3)オペレーティング システムからユーザ パスワードのクレデンシャルを取得(シングルサインオン)

(4)単一の、トンネル EAP メソッド

(5)リリース 4.0 の機能に基づくサーバ証明書の確認

例 B-6 を使用します)。

例 B-7 - 次のプロパティの、認証 Wi-Fi ネットワークを示しています。

(2)マシン接続コンテキスト

(3)リリース 4.1 の静的クレデンシャル サポートからマシン クレデンシャルを取得

(4)単一の、トンネル EAP メソッド

(5)リリース 4.0 の機能に基づくサーバ証明書の確認

例 B-7 を使用します)。

例 B-8 - 次のプロパティの、認証 Wi-Fi ネットワークを示しています。

(2)ユーザ接続コンテキスト

(3)スマート カードからユーザ クライアント証明書クレデンシャルを取得

(4)TLS EAP 方式

(5)リリース 4.0 の機能に基づくサーバ証明書の確認

例 B-8 を使用します)。

例 B-9a - 次のプロパティの、(1)認証 Wi-Fi ネットワークを示しています。

(2)ユーザ接続コンテキスト

(3)最初にワンタイムの要求でユーザ パスワードのクレデンシャルを取得

(4)EAP-FAST-GTC 方式(認証あり、自律的な PAC プロビジョニング)

(5)リリース 4.0 の機能に基づく PAC プロビジョニング用のサーバ証明書の確認

例 B-9a を使用します)。

例 B-9b - 次のプロパティの、(1)認証 Wi-Fi ネットワークを示しています。

(2)ユーザ接続コンテキスト

(3)最初にワンタイムの要求でユーザ パスワードのクレデンシャルを取得

(4)EAP-FAST-GTC 方式(認証なし、自律的な PAC プロビジョニング)

(5)リリース 4.0 の機能に基づく PAC プロビジョニング用のサーバ AID の確認

例 B-9b を使用します)。

例 B-9c - 次のプロパティの、(1)認証 Wi-Fi ネットワークを示しています。

(2)ユーザ接続コンテキスト

(3)最初にワンタイムの要求でユーザ パスワードのクレデンシャルを取得

(4)リリース 4.1 の手動 PAC プロビジョニング サポートによる FAST EAP-MSCHAPv2 方式
(自律的 PAC プロビジョニングなしで設定された Cisco ACS サーバ)

(5)サーバ確認なし

例 B-9c を使用します)。

例 B-10 - 次のプロパティの、(1)認証 Wi-Fi ネットワークを示しています。

(2)ユーザ接続コンテキスト

(3)新しいリリース 4.1 の静的クレデンシャル サポートからユーザ パスワードのクレデンシャルを取得

(4)単一の、トンネル EAP メソッド

(5)リリース 4.0 の機能に基づくサーバ証明書の確認

例 B-10を使用します)。

例 B-11 - 次の(1)プロパティの有線専用バージョンを示しています。

(2)事前設定のエンドユーザ バージョン

(3)認証ネットワークのみ

(4)マシン/ユーザ接続コンテキスト

(5)FAST EAP 方式のみ

(6)サーバ証明書の確認

例 B-11 を使用します)。

ファイル一覧

例 B-1

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

<eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

<alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-2

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

<eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

<alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(2) <wiredNetwork>

<displayName>My Corporate Wired Network</displayName>

<openNetworkMachineConnection/>

</wiredNetwork>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

<openNetworkUserConnection>

<autoConnect>true</autoConnect>

</openNetworkUserConnection>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

 

例 B-3

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

<eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

<alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

<wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <sharedKeyNetwork>

(2) <userConnection>

<keySettings>

(3) <wpa>

<key>

<ascii encrypt="true">mySecret</ascii>

</key>

<encryption>TKIP</encryption>

</wpa>

</keySettings>

<autoConnect>true</autoConnect>

</userConnection>

</sharedKeyNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-4

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

(5) <eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(6) <alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

(3) <forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <machineUserAuthentication>

<machine>

<collectionMethod>

(4) <auto/>

</collectionMethod>

<unprotectedIdentityPattern>host/anonymous</unprotectedIdentityPattern>

<protectedIdentityPattern>host/&lt;fqhn&gt;</protectedIdentityPattern>

</machine>

<user>

<autoConnect>

<connectBeforeLogon>true</connectBeforeLogon>

</autoConnect>

<collectionMethod>

(3) <prompt>

<credentialsStorage>

<forever/>

</credentialsStorage>

</prompt>

</collectionMethod>

<unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>

<protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>

</user>

<eapMethods>

(5) <eapFast>

(6) <validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

<eapMschapv2/>

<eapGtc/>

</innerEapMethods>

</eapFast>

</eapMethods>

</machineUserAuthentication>

<serverValidation>

(6) <validationRules>

<matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>

<matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>

</validationRules>

<trustAnyRootCaFromOs/>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-5

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="21">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

(5) <eapFast/>

(5) <eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(6) <alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <machineUserAuthentication>

<machine>

<collectionMethod>

(4) <auto/>

</collectionMethod>

<unprotectedIdentityPattern>host/anonymous</unprotectedIdentityPattern>

<protectedIdentityPattern>host/&lt;fqhn&gt;</protectedIdentityPattern>

</machine>

<user>

<autoConnect>

<connectBeforeLogon>true</connectBeforeLogon>

</autoConnect>

<collectionMethod>

(3) <singleSignOn/>

</collectionMethod>

<unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>

<protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>

</user>

<eapMethods>

(5) <eapFast>

<validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

<eapMschapv2/>

<eapGtc/>

</innerEapMethods>

</eapFast>

(5) <eapPeap>

<validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>false</protectClientCertificate>

<innerEapMethods>

<eapMschapv2/>

<eapGtc/>

</innerEapMethods>

</eapPeap>

</eapMethods>

</machineUserAuthentication>

<serverValidation>

(6) <validationRules>

<matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>

<matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>

<matchSubjectAlternativeName name="Cert Rule 3" match="endsWith">myCorp2.net</matchSubjectAlternativeName>

</validationRules>

<trustedRootCACerts>

(7) <certificate>

<caReference>E:\path\CaCertFile</caReference>

</certificate>

</trustedRootCACerts>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-6

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

(4) <eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(5) <alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <userAuthentication>

<autoConnect>

<connectBeforeLogon>true</connectBeforeLogon>

</autoConnect>

<collectionMethod>

(3) <singleSignOn/>

</collectionMethod>

<unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>

<protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>

<eapMethods>

(4) <eapFast>

(5) <validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

<eapMschapv2/>

<eapGtc/>

</innerEapMethods>

</eapFast>

</eapMethods>

</userAuthentication>

<serverValidation>

(5) <validationRules>

<matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>

<matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>

</validationRules>

<trustAnyRootCaFromOs/>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-7

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

<eapFast/>

(4) <eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(5) <alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <machineAuthentication>

<collectionMethod>

(3) <static/>

</collectionMethod>

(3) <unprotectedIdentityPattern>anonymous</unprotectedIdentityPattern>

(3) <protectedIdentityPattern>machineName</protectedIdentityPattern>

(3) <staticPassword encrypt="true">machineSecret</staticPassword>

<eapMethods>

(4) <eapPeap>

<validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

<eapMschapv2/>

</innerEapMethods>

</eapPeap>

</eapMethods>

</machineAuthentication>

<serverValidation>

(5) <validationRules>

<matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>

</validationRules>

<trustAnyRootCaFromOs/>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-8

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

(4) <eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(5) <alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

(3) <logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <userAuthentication>

<autoConnect>

<connectBeforeLogon>false</connectBeforeLogon>

</autoConnect>

<collectionMethod>

<prompt>

<credentialsStorage>

(3) <logonSession/>

</credentialsStorage>

</prompt>

</collectionMethod>

<unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>

<protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>

<eapMethods>

(4) <eapFast>

(5) <validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<certificateSource>

(3) <smartCardOnlyCertificate/>

</certificateSource>

<innerEapMethods>

(4) <eapTls>

<validateServerIdentity>true</validateServerIdentity>

</eapTls>

</innerEapMethods>

</eapFast>

</eapMethods>

</userAuthentication>

<serverValidation>

(5) <validationRules>

<matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>

</validationRules>

<trustAnyRootCaFromOs/>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-9a

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

(4) <eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(5) <alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

(3) <forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <userAuthentication>

<autoConnect>

<connectBeforeLogon>false</connectBeforeLogon>

</autoConnect>

<collectionMethod>

(3) <prompt>

<credentialsStorage>

<forever/>

</credentialsStorage>

</prompt>

</collectionMethod>

<unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>

<protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>

<eapMethods>

(4) <eapFast>

(5) <validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

(4) <eapGtc/>

</innerEapMethods>

</eapFast>

</eapMethods>

</userAuthentication>

<serverValidation>

(5) <validationRules>

<matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>

<matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>

</validationRules>

<trustAnyRootCaFromOs/>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-9b

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

(4) <eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(5) <alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

(3) <forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <userAuthentication>

<autoConnect>

<connectBeforeLogon>false</connectBeforeLogon>

</autoConnect>

<collectionMethod>

(3) <prompt>

<credentialsStorage>

<forever/>

</credentialsStorage>

</prompt>

</collectionMethod>

<unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>

<protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>

<eapMethods>

(4) <eapFast>

(5) <validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

(4) <eapMschapv2/>

(4) <eapGtc/>

</innerEapMethods>

</eapFast>

</eapMethods>

</userAuthentication>

<serverValidation>

(5) <trustedServerIds>

<trustedServerId name="PAC AID Rule 1">

<reference>

<aIdReference>E:\path\pacRefFile</aIdReference>

<secretKey>1234</secretKey>

</reference>

</trustedServerId>

</trustedServerIds>

<trustAnyRootCaFromOs/>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-9c

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

(4) <eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(5) <allowUserValidationControl/>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

(3) <forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <userAuthentication>

<autoConnect>

<connectBeforeLogon>false</connectBeforeLogon>

</autoConnect>

<collectionMethod>

(3) <prompt>

<credentialsStorage>

<forever/>

</credentialsStorage>

</prompt>

</collectionMethod>

<unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>

<protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>

(4) <pacs>

<pac>

<pacReference encrypt="true">E:\path\pacFile</pacReference>

<secretKey encrypt="true">pacPassword</secretKey>

</pac>

</pacs>

<eapMethods>

(4) <eapFast>

(5) <validateServerIdentity>false</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

(4) <eapMschapv2/>

</innerEapMethods>

</eapFast>

</eapMethods>

</userAuthentication>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-10

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes>

<!--open network-->

<open/>

<!--shared key network-->

<wpa-Personal/>

<wpa2-Personal/>

<!--authenticating network-->

<wpa-Enterprise/>

<wpa2-Enterprise/>

<!--legacy WEP shared key and authenticating networks-->

<wep/>

</allowedAssociationModes>

<allowedEapMethods>

<!--wired only-->

<eapMd5/>

<eapMschapv2/>

<eapGtc/>

<!--wired or wireless-->

(4) <eapFast/>

<eapPeap/>

<eapTls/>

<eapTtls/>

<leap/>

</allowedEapMethods>

<serverValidationPolicy>

(5) <alwaysValidate>

<allowUserTrustedServers>true</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

<logonSession/>

<duration>5</duration>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wifiNetwork>

<displayName>My Corporate Wi-Fi Network</displayName>

<ssid>MyCorpNet</ssid>

<associationRetries>3</associationRetries>

<beaconing>true</beaconing>

(1) <authenticationNetwork>

(2) <userAuthentication>

<autoConnect>

<connectBeforeLogon>false</connectBeforeLogon>

</autoConnect>

<collectionMethod>

(3) <static/>

</collectionMethod>

(3) <unprotectedIdentityPattern>anonymous@engr.myCompany.com</unprotectedIdentityPattern>

(3) <protectedIdentityPattern>userName</protectedIdentityPattern>

(3) <staticPassword encrypt="true">userSecret</staticPassword>

<eapMethods>

(4) <eapFast>

(5) <validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

<eapMschapv2/>

</innerEapMethods>

</eapFast>

</eapMethods>

</userAuthentication>

<serverValidation>

(5) <validationRules>

<matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>

<matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>

</validationRules>

<trustAnyRootCaFromOs/>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

<associationMode>

<wpa-Enterprise>TKIP</wpa-Enterprise>

</associationMode>

</authenticationNetwork>

</wifiNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>true</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

<clientUIType>configurable</clientUIType>

<allowLicensing>false</allowLicensing>

<allowedMedia>

<wired/>

<wifi/>

</allowedMedia>

</userControlPolicy>

</configuration>

例 B-11

<?xml version="1.0" encoding="UTF-8"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="..\distributionPackage.xsd" major_version="4" minor_version="2">

<license>T244-YKGP-UMG5-Y2F2-5KMH-5OYX-DAR4-POND-52Z5-MHJZ-3LOD-SLYL-U5YA-IUKU-M3TC-JNO7-3MEM-LGAA</license>

<networkPolicy>

<allowedAssociationModes></allowedAssociationModes>

<allowedEapMethods>

(5) <eapFast/>

</allowedEapMethods>

<serverValidationPolicy>

(6) <alwaysValidate>

<allowUserTrustedServers>false</allowUserTrustedServers>

</alwaysValidate>

</serverValidationPolicy>

<allowUserSimultaneousConnectionsControl>false</allowUserSimultaneousConnectionsControl>

<allowedCredentialStorage>

<forever/>

<logonSession/>

</allowedCredentialStorage>

<allowUserWpaHandshakeValidationControl>false</allowUserWpaHandshakeValidationControl>

<allowPublicProfileCreation>false</allowPublicProfileCreation>

<allowedClientCertificates>

<noEkuFilter/>

</allowedClientCertificates>

</networkPolicy>

<networks>

(1) <wiredNetwork>

<displayName>My Corporate Wired Network</displayName>

(3) <authenticationNetwork>

(4) <machineUserAuthentication>

<machine>

<collectionMethod>

<auto/>

</collectionMethod>

<unprotectedIdentityPattern>host/anonymous</unprotectedIdentityPattern>

<protectedIdentityPattern>host/&lt;fqhn&gt;</protectedIdentityPattern>

</machine>

<user>

<autoConnect>

<connectBeforeLogon>true</connectBeforeLogon>

</autoConnect>

<collectionMethod>

<singleSignOn/>

</collectionMethod>

<unprotectedIdentityPattern>anonymous@&lt;domain&gt;</unprotectedIdentityPattern>

<protectedIdentityPattern>&lt;username&gt;</protectedIdentityPattern>

</user>

<eapMethods>

(5) <eapFast>

(6) <validateServerIdentity>true</validateServerIdentity>

<enableFastReconnect>true</enableFastReconnect>

<protectClientCertificate>true</protectClientCertificate>

<innerEapMethods>

<eapMschapv2/>

</innerEapMethods>

</eapFast>

</eapMethods>

</machineUserAuthentication>

<serverValidation>

(6) <validationRules>

<matchSubjectAlternativeName name="Cert Rule 1" match="endsWith">myCorp.com</matchSubjectAlternativeName>

<matchSubjectName name="Cert Rule 2" match="exactly">My Corporation</matchSubjectName>

</validationRules>

<trustAnyRootCaFromOs/>

</serverValidation>

<interactiveAuthenticationRetries>4</interactiveAuthenticationRetries>

<nonInteractiveAuthenticationRetries>4</nonInteractiveAuthenticationRetries>

</authenticationNetwork>

</wiredNetwork>

</networks>

<stationSettings>

<simultaneousConnections>singleHomed</simultaneousConnections>

<validateWpaHandshake>false</validateWpaHandshake>

</stationSettings>

<userControlPolicy>

(2) <clientUIType>preset</clientUIType>

<allowLicensing>false</allowLicensing>

(1) <allowedMedia>

<wired/>

</allowedMedia>

</userControlPolicy>

</configuration>