Windows 7 Supplicant Round-Up

The wireless network supplicant was completely re-written in Windows Vista, and significantly updated in Windows 7. It now offers a broader set of enterprise class features than previous generations of native supplicants built into the operating system. It is now called "WLAN AutoConfig" replacing the previous generation "Wireless Zero Config (WZC)" service on Windows XP.

New / Updated Features
New and updated features added in the Windows 7 WLAN AutoConfig software include:
- Better integration and control from the Windows notification area
- Better wireless network profile and preference management
- Global versus current-user profile creation and management
- Better Group Policy integration for administrative control
- Better authentication mode control (machine or user account; Vista required manual XML profile editing and re-import)
- Single sign-on support
- Broader EAP protocol support, including:
  • PEAPv2 support (inner/outer crypto-binding, anonymous outer identity)
  • Cisco LEAP support (... but you shouldn't be using this protocol)
  • Cisco PEAPv1 support (EAP-GTC inner method)
  • Cisco EAP-FAST support
  • EAP-AKA, EAP-SIM, and EAP-TTLS support

- Better PMK caching control (Vista required group policy or local registry hacks to change defaults)
- FIPS compliance support
- WLAN Hosted Networks (virtualization)
- Better network recognition upon re-connect, including DHCP Network Hint
- Intel / Cisco E2E feature integration (when using a supported Intel adapter)

Supplicant Deployment Considerations
However, choice is (almost) never a bad thing, and some organizations may prefer to stick with a 3rd party supplicant for various reasons. Those reasons may include bad experience with legacy WZC service (gun-shy), consistency of the user experience, preventing re-training of users on how to connect/disconnect and configure wireless profiles, specific features requirements only found in certain software supplicants, performance characteristics, corporate policy control features, or ease of deployment and management with existing administrative tool sets.

Here are some considerations and options when evaluating supplicants for use in your environment:
- Windows Compatibility
- Authentication Protocol Support (EAP flavors)
- Security Controls for Administrative Lock-Down
- VPN Software Integration (auto-launch, etc.)
- Roaming Performance (support for CCKM, OKC, and eventually Fast BSS Transistion)
- Cost / Licensing (especially for a large user base)
- IPv6 support

Windows Compatibility
You can check compatibility of various software packages in the Windows 7 Compatibility Center. This website lists products that have passed Microsoft testing requirements to verify compatibility. Other software packages may run on Windows 7 which are not listed on this website but have not been submitted or passed Microsoft testing (use at your own risk).

Windows 7 Supplicant Round-up
Here is a quick list of the most common enterprise and open-source wireless supplicants, noting which ones currently support Windows 7.

- Windows 7 Native Supplicant
- Intel PROSet - Full support for Win7
- Juniper Odyssey Access Client - No support for Win7
- Open1X Supplicant - Support in the development release only
- Cisco Aironet Desktop Utility - No support for Win7
- Cisco Secure Services Client - No support for Win7
- Cisco AnyConnect Client - Full support for Win7
- Secure W2 Client - Full support for Win7
- Lenovo ThinkVantage Access Connections - Full Support for Win7 (see here)
- Broadcom WLAN Utility - Compatible versions exist, check your OEM for support
- Atheros WLAN Utility - Compatible versions exist, check your OEM for support

I'll leave it up to you to evaluate the features most important for your environment and to draw your own conclusions as to which one makes the most sense for your organization.

But I will say, based on my own experience, the Windows 7 native supplicant is a much improved product over the legacy WZC. Because it is bundled with the OS and offers tight integration with Group Policy controls, give it a shot and see if it meets your needs before spending money on another solution.


* Updated 2011/04/05 to add the Cisco AnyConnect client to the list based on reader feedback.