Now, most of us IT managers swore off WEP some time ago. The only problem is that swearing off WEP for our personal geek machines and swearing it off for a whole fleet of disparate desktops and laptops are two different things. WEP just happens to be a convenient common denominator, and when the user is breathing down your neck for a fast resolution, it's often easy to rationalize its use. After all, installing a 128-bit WEP key should be enough to keep the average war drivers at bay. And you'll get back to the WPA (Wi-Fi Protected Access) deal as soon as you clear the other 99 highly urgent things on your list.

That may have been the case for the last couple of years, but InfoWorld just ran a story on how WEP security has had even more holes shot through it in the last 12 to 18 months. The piece concerned a bunch of German mathematicians who showed that a 1.7GHz Pentium M CPU took only three seconds to crack a 104-bit WEP key. See, that sends chills down my spine. If it sends a shudder or two down yours, then take a shot of something strong and read on.

I griped about these worries to a buddy, and he verbally slapped me about the ears and face: "How can you write a Microsoft column every week and not know that you've got everything you need to fix that problem sitting on your Active Directory server?" I asked him to explain, but at first he'd only compare my intellect to that of various dinner vegetables. Some back and forth on that, a little violence, and we got down to explanations.

All you need to do is disable the pre-shared key portion of the WEP equation. You can replace this with 802.1x on any post-Windows XP Pro SP2 PC, especially anything running Vista. It does require a little router fiddling, but just enough to cause the router to manage user authentication via RADIUS. Yeah, that means installing IAS (Internet Authentication Service) somewhere on the Windows network, but that's mostly a matter of check boxes. Get that done, and your Wi-Fi users can authenticate using their AD credentials.