When setting up a GPO for a wireless network profile via GPMC in Windows 2008 R2, in theProtected EAP Properties window there are check boxes for Validate server certificate and Do not prompt user to authorize new servers or trusted certification authorities, a textbox forConnect to these servers, and a selections list forTrusted Root Certification Authorities.
All these configurable options show up again if you click on Configure when usingSmart Card or other certificate as the authentication method. You can set them as you wish there, different from PEAP Properties even.
My question is, which set of options takes precedence? A sane person will probably keep them the same, but why have that confusion in the interface?