+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
Windows Server 2008 Thread, wireless network key, can it be set via group policy? in Technical; I've just a had a play around with the wireless settings in group policy and can not find anywhere to ...
  1. #1

    Join Date
    Apr 2011
    Location
    Manchester
    Posts
    173
    Thank Post
    10
    Thanked 8 Times in 7 Posts
    Rep Power
    21

    wireless network key, can it be set via group policy?

    I've just a had a play around with the wireless settings in group policy and can not find anywhere to type the wifi key.

    I need to change our wifi key because even a baby could guess it. since we had a virus problem last week I wanted to change the wifi key so only school laptops can access it and I dont fancy going to eveyones laptop and entering the key for all 29 of them + 28 of our crappy netbooks(VYEs) (2 are broken)

    I figured that if a network cable was conected this would allow group policy to update and configure wifi settings I've configured minimising the effort required for staff and my self.

    Thanks in advanced.

  2. #2

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,698
    Thank Post
    335
    Thanked 516 Times in 484 Posts
    Rep Power
    180
    Disclaimer, Copy/Paste, but might help :P Unless you're using XP?

    Code:
    Windows 2008 has built in policy GPO for wireless setting management. 
    You can configure your network setting using Certificates. It is the most recommended and secure way 
    But if you like to deploy the wireless settings using static key, you will have to use other way.
    
    The steps bellow describe the way to deploy Wireless LAN settings with a Pre-Shared Key 
    The purpose is to Automate Adding Wireless Profile in Windows.
    
    Preparations
    
    •Configure Wireless settings on one workstation 
    •from command prompt run 
    netsh wlan export profile name="NameOfyourProfile" folder=c:\temp interface="wirelesssettings” 
    •Confirm that under c:\temp you have wirelesssettings.xml file 
    •Open wirelesssettings.xml file locate the following line 
    <protected>true</protected> 
    •Change it to <protected>false</protected> 
    •Under you will see encrypted line <keyMaterial>01000000D08C9DDF0115D1118</keyMaterial> 
    •Change it to your key like that <keyMaterial>Yourkey</keyMaterial>
    
    Note: It means that your wireless key will be in clear text and everyone who has access to the file will be able to read your wireless key"
    
    Deployment
    
    •Copy your wireless settings xml file to NETLOGON 
    •Create a bat or cmd file with the following line 
    netsh wlan add profile filename="\\yourserver\NETLOGON\wirelesssettings.xml" user=all 
    •Run the bat file from some domain member computer and confirm that it works 
    After finishing all steps above you can deploy the script from GPO
    
    Note: Setting are applicable for Windows Vista Windows 7 and Windows 2008 Only

    Steve

  3. 2 Thanks to Steve21:

    RageRiot (24th June 2011), themightymrp (24th June 2011)

  4. #3
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,221
    Thank Post
    216
    Thanked 227 Times in 196 Posts
    Rep Power
    73
    Thats much easier than what I do!!! Thanks

  5. #4

    Join Date
    Apr 2011
    Location
    Manchester
    Posts
    173
    Thank Post
    10
    Thanked 8 Times in 7 Posts
    Rep Power
    21
    the machines are using XP but the servers are 2008, will this not work then ?

  6. #5
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,405
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Might be easier to set yourself up a RADIUS server instead on your 2008 Box then in the GPO setup an XP Certificate ..

  7. #6

    Steve21's Avatar
    Join Date
    Feb 2011
    Location
    Swindon
    Posts
    2,698
    Thank Post
    335
    Thanked 516 Times in 484 Posts
    Rep Power
    180
    Quote Originally Posted by RageRiot View Post
    the machines are using XP but the servers are 2008, will this not work then ?
    Honestly not sure, Just from this line:

    Code:
    Note: Setting are applicable for Windows Vista Windows 7 and Windows 2008 Only
    Either it means it won't work, or just it's different "settings" you need to pick.

    Steve

  8. #7
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,221
    Thank Post
    216
    Thanked 227 Times in 196 Posts
    Rep Power
    73
    No it won't work but there is an alternative. I have added a zip file to this post containing a .exe program and a batch file to call it. Modify the batch to reflect your wireless setup. It supports WEP / WPA and all other settings. Stick them in your netlogon share and call the script via your GPO - works perfectly here.
    Attached Files Attached Files

  9. 2 Thanks to themightymrp:

    DarrenShan (20th July 2011), RageRiot (24th June 2011)

  10. #8

    Join Date
    Apr 2011
    Location
    Manchester
    Posts
    173
    Thank Post
    10
    Thanked 8 Times in 7 Posts
    Rep Power
    21
    Quote Originally Posted by themightymrp View Post
    No it won't work but there is an alternative. I have added a zip file to this post containing a .exe program and a batch file to call it. Modify the batch to reflect your wireless setup. It supports WEP / WPA and all other settings. Stick them in your netlogon share and call the script via your GPO - works perfectly here.
    This looks like it will work, I notice its set in your example to WEP. do you have a List of configuration switches as we use WPS-PSK -> AES

    and the last 2 switches:
    /KeyIndex:1 /KeyProvidedAutomatically:FALSE

    What is this?

    I'm still very new to network administration but I pick stuff up really well as along as I can understand it all.

    Thanks for the replies

  11. #9
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,221
    Thank Post
    216
    Thanked 227 Times in 196 Posts
    Rep Power
    73
    You want something along these lines:

    Code:
    WifiCfg_XP.exe -add /SSID:EduGeek /Authentication:WPA /Encryption:TKIP /KeyProvidedAutomatically:TRUE /IEEE8021xEnabled:TRUE /EAPType:PEAP /InnerAuthentication:MSCHAPv2 /EnableFastReconnect:TRUE
    There is more detail on this previous thread

    script for joining wireless networks

    In the wireless access points there are usually 4 optional keyindex's. You can specify 4 different encryption keys if you so wish. We only use the one, hence it is set to 1 in the attached file. Also some systems are set to auto provide the WEP / WPA key automatically, we don't want that so it is turned off.


    EDIT --- You may need to set /Authentication:WPAPSK , I can't remember?
    Last edited by themightymrp; 24th June 2011 at 02:35 PM.

  12. #10
    Sam_Brown's Avatar
    Join Date
    Sep 2009
    Location
    Northampton
    Posts
    574
    Thank Post
    97
    Thanked 40 Times in 38 Posts
    Rep Power
    18
    Quote Originally Posted by themightymrp View Post
    No it won't work but there is an alternative. I have added a zip file to this post containing a .exe program and a batch file to call it. Modify the batch to reflect your wireless setup. It supports WEP / WPA and all other settings. Stick them in your netlogon share and call the script via your GPO - works perfectly here.
    This is what we use as well. It's especially useful on images for Windows XP laptops as you can run it at first boot to enable the WiFi settings which are normally lost via SysPreping the base machine.

  13. #11

    Join Date
    Apr 2011
    Location
    Manchester
    Posts
    173
    Thank Post
    10
    Thanked 8 Times in 7 Posts
    Rep Power
    21
    hi again, obviously with week end I ran out of time to get it working.

    I asume this method is inconjuction with the GPO setting for wireless networks which allows you to configure the APs ?

    when I tested this on friday afternoon it did not seem to work. maybe i got one of the switches wrong..

    since its a switch based application I expected to get desciptive help using the /? switch. does anyone have a full list of confguration switches?

    @themightymrp I checked that page, there is mention of the Zwlancfg util. would it be better using this one since it comes with a help files with all the configuration switches. would the switches be cross compatable ?

    since I think our network is setup with WPA-PSK and AES I'm guessing this would work:
    /Authentication:WPAPSK /Encryption:AES

    If this makes any difference our wireless is all Ruckus gear but is manged and configured by Digitech. I've not got direct access to this system and have no idea how to manage it but I am able to request access to it if need be.
    Last edited by RageRiot; 25th June 2011 at 06:09 PM.

  14. #12
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,221
    Thank Post
    216
    Thanked 227 Times in 196 Posts
    Rep Power
    73
    I think the tool I uploaded is an older version of that Zwlancfg program. The newer version (paid for) also supports Vista and Win 7. You can download the trial version of the latest program and look through its help files. Pretty sure most of the switches are the same. I agree that its annoying that you can't do the /? thing though.

    /Authentication:WPAPSK /Encryption:AES looks to be right to me. However having not used AES encryption I'm not 100% on its usage. @Sam_Brown - can you shed any light on this?

  15. #13
    jsnetman's Avatar
    Join Date
    Oct 2007
    Posts
    887
    Thank Post
    23
    Thanked 134 Times in 126 Posts
    Rep Power
    40
    I used wirelessconfig app on XP but when we went to 7 you can export and import the wireless settings and specified key using the command netsh wlan add profile and deploy it via a startup script or GP.

  16. #14

    Join Date
    Oct 2008
    Posts
    214
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    22

  17. #15
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,221
    Thank Post
    216
    Thanked 227 Times in 196 Posts
    Rep Power
    73
    I have to say I've never tried this method. I use the tool I uploaded earlier in this thread in a gpo. I have a startup script set and use that batch file with a couple of extra lines. Basically like this:

    Code:
    if exist "c:\deployedapps\wifi.txt" goto EOF
    
    add wireless script here
    
    copy "\\domain\netlogon\wifi.txt" "c:\deployedapps"
    
    :EOF
    Seems to work just fine. This is just for my XP clients

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Set time in Group Policy?
    By El_Nombre in forum Windows Server 2008 R2
    Replies: 1
    Last Post: 27th April 2011, 02:20 PM
  2. Set the background colour in Group policy
    By zag in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 17th December 2009, 02:57 PM
  3. Set colour quality in group policy
    By bladedanny in forum Windows Server 2000/2003
    Replies: 2
    Last Post: 13th July 2009, 02:28 PM
  4. Wireless key on group policy?
    By zag in forum Wireless Networks
    Replies: 6
    Last Post: 13th July 2009, 11:53 AM
  5. Replies: 5
    Last Post: 7th December 2007, 09:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •