803853b125
New Inno Setup project that configures shop floor PCs for Machine VLAN connectivity via 802.1x/ISE authentication. Features: - Native Pascal implementation (no external batch files required) - Silent installation support for deployment automation - Windows 7/8/10/11 auto-detection - Automatic network interface detection (wired/wireless) - Detailed logging and results display Configures: - Wired: 802.1x PEAP/MS-CHAPv2 via Corporate Holdings RADIUS - Wireless: AESFMA SSID with EAP-TLS via Aerospace FreeRADIUS Usage: MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Machine Authentication 3.0
Configures shop floor PCs for 802.1x/ISE Machine VLAN connectivity with support for both wired and wireless networks.
Overview
This installer automates the configuration of 802.1x network authentication for GE Aerospace shop floor machines, enabling secure access to the Machine VLAN without requiring user credentials.
What It Configures
| Network Type | Authentication | Server |
|---|---|---|
| Wired | 802.1x PEAP/MS-CHAPv2 | Corporate Holdings RADIUS |
| Wireless | 802.1x EAP-TLS (certificate) | Aerospace FreeRADIUS |
Features
- Native Inno Setup Implementation - All logic in Pascal script, no external batch files
- Silent Installation Support - Full automation for deployment tools
- Windows 7/10/11 Support - Auto-detects OS and uses appropriate interface names
- Automatic Network Detection - Identifies active interface (wired or wireless)
- Detailed Logging - Comprehensive log output for troubleshooting
Usage
Interactive Installation
- Run
MachineAuthSetup.exeas Administrator - Review the configuration summary
- Click Install
- View results and verify connectivity
Silent Installation
MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES
With logging:
MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES /LOG="C:\ma3_install.log"
Configuration Details
Wired Network (8021x.xml)
- EAP Type: 25 (PEAP)
- Inner Method: MS-CHAPv2 (Type 26)
- Auth Mode: Machine
- Credentials: Windows logon credentials
- Service: dot3svc (Wired AutoConfig)
Wireless Network (AESFMA.xml)
- SSID: AESFMA
- Security: WPA2-Enterprise, AES
- EAP Type: 13 (EAP-TLS)
- Auth Mode: Machine (certificate-based)
- Service: Wlansvc (WLAN AutoConfig)
Interface Names
| Windows Version | Wired Interface | Wireless Interface |
|---|---|---|
| Windows 7/8 | Local Area Connection | Wireless Network Connection |
| Windows 10/11 | Ethernet | Wi-Fi |
Installation Steps
- Stop NetworkAdapterManager service (if present)
- Enable and start Wired AutoConfig (dot3svc)
- Import 802.1x profile to wired interface
- Enable and start WLAN AutoConfig (Wlansvc)
- Import AESFMA profile to wireless interface
- Reconnect active network interface
- Start NetworkAdapterManager service
- Wait 10 seconds for network stabilization
Requirements
- Windows 7, 8, 10, or 11
- Administrator privileges
- SSL certificate for FreeRADIUS (pre-installed on managed machines)
- Standard network interface naming conventions
Files
MachineAuth/
├── MachineAuth.iss # Inno Setup script
├── 8021x.xml # Wired 802.1x profile
├── AESFMA.xml # Wireless AESFMA profile
├── gea-logo.ico # Setup icon
├── banner.bmp # Wizard banner
├── banner-sm.bmp # Wizard small image
└── README.md # This file
Legacy Files (Not Required)
These files are from the original batch-based installer and are not used by the Inno Setup version:
MA3NetworkConfigv4.bat- Original batch scriptge_runasuser.exe- Run-as-user utilityRebootDelay.exe- Reboot delay utility$PLUGINSDIR/- NSIS plugin remnants
Troubleshooting
"Requires administrator privileges"
Right-click the installer and select "Run as administrator"
Network doesn't reconnect after configuration
- Manually disconnect and reconnect the network adapter
- Check Windows Services that dot3svc and/or Wlansvc are running
- Verify the machine has the required certificates
AESFMA wireless doesn't connect
- Verify the FreeRADIUS SSL certificate is installed
- Check that the machine is in the correct AD group
- Ensure the wireless adapter supports WPA2-Enterprise
Wired 802.1x authentication fails
- Verify the machine account is in the correct AD group
- Check that the switch port is configured for 802.1x
- Review the RADIUS server logs for authentication errors
Check installed profiles
Wired profiles:
netsh lan show profiles
Wireless profiles:
netsh wlan show profiles
Remove and reinstall profiles
Remove wired profile:
netsh lan delete profile interface="Ethernet"
Remove wireless profile:
netsh wlan delete profile name="AESFMA"
Then run the installer again.
Building
- Install Inno Setup 6.x
- Open
MachineAuth.iss - Compile (F9)
- Output:
Output/MachineAuthSetup.exe
Technical Notes
- No reboot required
- Brief network interruption during configuration (~10-15 seconds)
- Safe to run multiple times
- Does not remove existing profiles (adds/updates)
Author
WJDT / GE Aerospace