Defaults: Specifies that the client verifies that the server certificates presented to the client computer have the correct signatures, have not expired, and were issued by a trusted root certification authority (CA).
Do not disable this check box or client computers cannot verify the identity of your servers during the authentication process.
The user must repeat the multistep process to connect to the VPN each time Internet connectivity is interrupted.
This can quickly become time consuming for mobile users with intermittent connectivity disruptions.
If you disable this check box, client computers cannot verify the identity of your servers during the authentication process.
If server authentication does not occur, users are exposed to severe security risks, including the possibility that users might unknowingly connect to a rogue network.
If no trusted root CAs are selected, the 802.1X client verifies that the computer certificate of the RADIUS server was issued by an installed trusted root CA.
For VPN connections, Fast Reconnect uses IKEv2 technology to provide seamless and consistent VPN connectivity, when users temporarily lose their Internet connections.
Users who connect by using wireless mobile broadband will benefit most from this capability.
Specifies whether Windows filters out certificates that are unlikely to meet authentication requirements.
This serves to limit the list of available certificates when prompting the user to select a certificate.
An example of this benefit is a common scenario in which a user is traveling on a train, uses a wireless mobile broadband card to connect to the Internet, and then establishes a VPN connection to the corporate network.