Setting up Laptops with 802.1x (Nexus)

  1. If the Surface laptop has not been re-imaged, reset the laptop to factory defaults settings.

  2. If the Surface laptop has been re-imaged, restore the original OS by creating and using a recovery drive for Surface

  3. Setup Surface laptop. Don’t use an MS account (choose to join Domain) and create the acoadmin account.

  4. After the Windows Desktop appears, rename the laptop to the prescribed hostname, reboot the laptop

  5. Run all Windows updates. This may take several iterations of running updates and rebooting.

  6. Make sure the system is pre-staged in Nexus and then join the Nexus domain.

Setup up 802.1x for Wireless, adding Eduroam:

a.       Open Network and Sharing Center from the Control Panel

b.       Select  Set up a new connection or network


c.       Manually connect to a Wireless Network


d.       Configure as below


e.       Click Change connection settings


f.        Select the ‘Security’ tab and configure as below



g.       Click Settings beside PEAP and choose GlobalSign Root CA


As a side note, sometimes the GlobalSign Root CA cert isn’t installed and doesn’t appear until after an attempt is made (default is User Authentication but cancel out of that when trying to connect).

h.       Click OK and close out the 'Protected PEAP Properties' popups.

i.         Click the security tab and choose Advanced settings

j.         Check the Authentication Mode box, choose Computer Authentication from the drop down box 



k.       Click OK and close settings

l.         Click the networking icon on the task bar and choose Wireless > Eduroam and choose Connect. A popup appears. Choose Connect to allow the Cert:


  1. The system should now connect to Eduroam automatically. Note on bootup, it does take a minute to connect to wireless.

  2. Go to the Control panel and choose Power Options. Change what happens when the lid is closed and the power is connected to Do nothing. Change when the laptop sleeps when plugged in to Never.