Digging a little deeper into Unite setup- how to set up a Unite Hub (Clearwater System) to allow outside guest access without allowing outside guest access to the rest of your network!

The Intel® Unite™ plugin for Protected Guest Access allows a Guest Client device to connect to a Clearwater System without the need to be on the same Enterprise network.

This is possible because the Clearwater System can create an ad-hoc/hosted network (Access Point) where the device can connect, download, or join the Intel® Unite™ application for their client device.

– To install the Intel® Unite™ plugin for Protected Guest Access you will need Administrator rights.

– Important! In addition to the minimum Clearwater System requirements, the only supported network configuration is if the Clearwater System is connected to the corporate network through a wired connection, and the wireless network adapter is not connected to another access point (only Enabled). While it is possible to run the Protected Guest Access with the Clearwater System running as a wireless client, this configuration may introduce stability issues.

This works in either Enterprise or Standalone mode

Turn off network bridging on the Clearwater System that is running Guest Access.

In an Active Directory environment, set Group Policy Object on the Clearwater System which limit applications and users (GPO policies).

Deploy a firewall between Guest Access machines and corporate connections in order to limit unauthorized traffic.

You will need to deploy hardware or software based solutions to prevent executables from being pushed to the Clearwater like McAfee Application Control and Windows* App Locker or Device Guard on Windows* 10 devices.

Please verify and validate that the Intel® Unite™ application and the GuestAccessService is added to the Allowed Apps list in your Firewall settings.

The following boxes need to be checked.

  1. Internet Information Service (IIS)
  2. Manager and World Wide Web (HTTP)
  3. GuestAccessService


After that the plugin should be up and running and that “outsider” can now join in the fun!

But just in case—–Troubleshooting Guest Access

Verify that Certificate hashes preventing the plugin to work are not entered in the admin portal.

Your organization GPO Policies (Group Policy Object) might not allow virtual hosted networks, please consult with your system Administrator.

Ensure the Plugin Certificate Hash value for Protected Guest Access has been entered on the Admin Web Portal.

Ensure the Plugin Certificate Hash has been enabled on the Admin Web Portal.

Ensure the Clearwater System is connected to the corporate network through a wired connection

When in Standalone version, verify that you have enabled the plugin in the Settings – Plugin Tab- section by clicking on the checkbox “Trusted Plugins”.