Windows Server 2008 Thread, wireless network key, can it be set via group policy? in Technical; I've just a had a play around with the wireless settings in group policy and can not find anywhere to ...
wireless network key, can it be set via group policy?
I've just a had a play around with the wireless settings in group policy and can not find anywhere to type the wifi key.
I need to change our wifi key because even a baby could guess it. since we had a virus problem last week I wanted to change the wifi key so only school laptops can access it and I dont fancy going to eveyones laptop and entering the key for all 29 of them + 28 of our crappy netbooks(VYEs) (2 are broken)
I figured that if a network cable was conected this would allow group policy to update and configure wifi settings I've configured minimising the effort required for staff and my self.
Disclaimer, Copy/Paste, but might help :P Unless you're using XP?
Code:
Windows 2008 has built in policy GPO for wireless setting management.
You can configure your network setting using Certificates. It is the most recommended and secure way
But if you like to deploy the wireless settings using static key, you will have to use other way.
The steps bellow describe the way to deploy Wireless LAN settings with a Pre-Shared Key
The purpose is to Automate Adding Wireless Profile in Windows.
Preparations
•Configure Wireless settings on one workstation
•from command prompt run
netsh wlan export profile name="NameOfyourProfile" folder=c:\temp interface="wirelesssettings”
•Confirm that under c:\temp you have wirelesssettings.xml file
•Open wirelesssettings.xml file locate the following line
<protected>true</protected>
•Change it to <protected>false</protected>
•Under you will see encrypted line <keyMaterial>01000000D08C9DDF0115D1118</keyMaterial>
•Change it to your key like that <keyMaterial>Yourkey</keyMaterial>
Note: It means that your wireless key will be in clear text and everyone who has access to the file will be able to read your wireless key"
Deployment
•Copy your wireless settings xml file to NETLOGON
•Create a bat or cmd file with the following line
netsh wlan add profile filename="\\yourserver\NETLOGON\wirelesssettings.xml" user=all
•Run the bat file from some domain member computer and confirm that it works
After finishing all steps above you can deploy the script from GPO
Note: Setting are applicable for Windows Vista Windows 7 and Windows 2008 Only
No it won't work but there is an alternative. I have added a zip file to this post containing a .exe program and a batch file to call it. Modify the batch to reflect your wireless setup. It supports WEP / WPA and all other settings. Stick them in your netlogon share and call the script via your GPO - works perfectly here.
No it won't work but there is an alternative. I have added a zip file to this post containing a .exe program and a batch file to call it. Modify the batch to reflect your wireless setup. It supports WEP / WPA and all other settings. Stick them in your netlogon share and call the script via your GPO - works perfectly here.
This looks like it will work, I notice its set in your example to WEP. do you have a List of configuration switches as we use WPS-PSK -> AES
and the last 2 switches:
/KeyIndex:1 /KeyProvidedAutomatically:FALSE
What is this?
I'm still very new to network administration but I pick stuff up really well as along as I can understand it all.
In the wireless access points there are usually 4 optional keyindex's. You can specify 4 different encryption keys if you so wish. We only use the one, hence it is set to 1 in the attached file. Also some systems are set to auto provide the WEP / WPA key automatically, we don't want that so it is turned off.
EDIT --- You may need to set /Authentication:WPAPSK , I can't remember?
Last edited by themightymrp; 24th June 2011 at 02:35 PM.
No it won't work but there is an alternative. I have added a zip file to this post containing a .exe program and a batch file to call it. Modify the batch to reflect your wireless setup. It supports WEP / WPA and all other settings. Stick them in your netlogon share and call the script via your GPO - works perfectly here.
This is what we use as well. It's especially useful on images for Windows XP laptops as you can run it at first boot to enable the WiFi settings which are normally lost via SysPreping the base machine.
hi again, obviously with week end I ran out of time to get it working.
I asume this method is inconjuction with the GPO setting for wireless networks which allows you to configure the APs ?
when I tested this on friday afternoon it did not seem to work. maybe i got one of the switches wrong..
since its a switch based application I expected to get desciptive help using the /? switch. does anyone have a full list of confguration switches?
@themightymrp I checked that page, there is mention of the Zwlancfg util. would it be better using this one since it comes with a help files with all the configuration switches. would the switches be cross compatable ?
since I think our network is setup with WPA-PSK and AES I'm guessing this would work:
/Authentication:WPAPSK /Encryption:AES
If this makes any difference our wireless is all Ruckus gear but is manged and configured by Digitech. I've not got direct access to this system and have no idea how to manage it but I am able to request access to it if need be.
Last edited by RageRiot; 25th June 2011 at 06:09 PM.
I think the tool I uploaded is an older version of that Zwlancfg program. The newer version (paid for) also supports Vista and Win 7. You can download the trial version of the latest program and look through its help files. Pretty sure most of the switches are the same. I agree that its annoying that you can't do the /? thing though.
/Authentication:WPAPSK /Encryption:AES looks to be right to me. However having not used AES encryption I'm not 100% on its usage. @Sam_Brown - can you shed any light on this?
I used wirelessconfig app on XP but when we went to 7 you can export and import the wireless settings and specified key using the command netsh wlan add profile and deploy it via a startup script or GP.
I have to say I've never tried this method. I use the tool I uploaded earlier in this thread in a gpo. I have a startup script set and use that batch file with a couple of extra lines. Basically like this:
Code:
if exist "c:\deployedapps\wifi.txt" goto EOF
add wireless script here
copy "\\domain\netlogon\wifi.txt" "c:\deployedapps"
:EOF
Seems to work just fine. This is just for my XP clients
LinkBack URL
About LinkBacks
Originally Posted by RageRiot 
