Deploying WPA2 WiFi profile (including Pre-Shared key) using Group Policy

Date : April 13, 2019

Problem

Whilst there is a setting in Group Policy Preferences to deploy WiFi settings, this does not include the WiFi Pre-Shared Key (PSK).

The following method will allow you to also push out the Pre-Shared Key:

Solution

From a PC that already has the WiFi profile installed:

Open command prompt (as admin) and run the following command. Make a note of the name of the profile you want to export:

netsh wlan show profiles

Run the following command, replacing the profile name with the one you wish to export, and path to an existing folder where an XML file will be created

netsh wlan export profile name="MyWiFiSSID" folder=C:\WLAN key=clear

Note that the key=clear is vital for this to work.

Copy that XML file to a network share that is accessible from the computer accounts. Do bear in mind the WiFi key is visible in plain text within this file, so consideration must be taken as where/how to store it.

The following command is used to install the profile:

netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all

… however, this will reinstall and reconnect the WiFi each time.

From my experience, the best method is to create a Computer Startup script GPO that will only run once. This one does the trick:

IF EXIST C:\WiFi.txt GOTO END

netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all >> C:\WiFi.txt

:END

Leave a Reply

Your e-mail address will not be published. Required fields are marked *

@