When setting up an encrypted Wi-Fi / wireless network, you would usually choose WPA or WPA2.

These encryption standards will make sure your network communications are done in a secure manner.

There are 2 choices for encryption when using these protocols, one is known as AES, the other is known as TKIP.

Not all wireless cards support AES.

AES encryption is done in hardware on the card, and not all cards have the circuitry required for AES; for those cards, TKIP is available.

If you have a choice between AES and TKIP, the safe choice that will work in most circumstances is the latter (TKIP).

But AES is more secure.

Also, if you use WPA2, it will use both TKIP and AES at the same time.

If you want to deliver WPA2 settings through a GPO in a Windows Server 2003 Active Directory environment, you will need to add a Windows Vista machine to your domain and create the GPO there.

This can be done without extending the schema of your domain.

You also want to make sure all Windows Server 2003 and Windows XP client computers have Service Pack 2 installed; in some cases I experienced that even just viewing the new WPA2 GPO with a computer which only had Service Pack 1 installed corrupted the GPO.

The safest way to create such a GPO is to create it first as a WPA GPO on a Server 2003 machine with Service Pack 2, then edit it on a Windows Vista machine, changing only the choice from WPA to WPA2.

The Windows XP client computers which will receive the GPO also need to have http://support.microsoft.com/kb/917021 installed.
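
To check which WPA version and cipher a wireless profile actually specifies, the following added example (not part of the original post) audits WLAN profile XML of the kind Windows Vista and later export with `netsh wlan export profile`, and flags WPA and TKIP settings. The sample profiles and the helper names `make_profile` and `audit_profile` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the WLAN profile XML used by Windows Vista and later.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
AUTH_ENC = "w:MSM/w:security/w:authEncryption/"


def make_profile(name, auth, cipher):
    """Build a constructed sample profile (not taken from a real network)."""
    return (
        f'<WLANProfile xmlns="{NS["w"]}"><name>{name}</name>'
        f"<SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>"
        "<MSM><security><authEncryption>"
        f"<authentication>{auth}</authentication>"
        f"<encryption>{cipher}</encryption><useOneX>false</useOneX>"
        "</authEncryption></security></MSM></WLANProfile>"
    )


def audit_profile(xml_text):
    """Return (name, authentication, cipher, findings) for one profile."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ("?", None, None, [f"unparseable profile: {exc}"])
    name = root.findtext("w:name", default="?", namespaces=NS)
    auth = root.findtext(AUTH_ENC + "w:authentication", namespaces=NS)
    cipher = root.findtext(AUTH_ENC + "w:encryption", namespaces=NS)
    if auth is None or cipher is None:
        return (name, auth, cipher, ["no authEncryption settings found"])
    findings = []
    if not auth.upper().startswith("WPA"):
        findings.append(f"authentication is {auth}, not WPA or WPA2")
    elif not auth.upper().startswith("WPA2"):
        findings.append(f"authentication is {auth}, not WPA2")
    if cipher.upper() != "AES":
        findings.append(f"cipher is {cipher}, not AES")
    return (name, auth, cipher, findings)


if __name__ == "__main__":
    # Constructed samples: one WPA2/AES, one WPA2/TKIP, one WPA/TKIP.
    for args in [("office", "WPA2PSK", "AES"), ("lab", "WPA2PSK", "TKIP"),
                 ("legacy", "WPAPSK", "TKIP")]:
        name, auth, cipher, findings = audit_profile(make_profile(*args))
        print(f"{name}: {auth}/{cipher} ->", "; ".join(findings) or "ok")
```
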