Deploying WPA2 WiFi profile (including Pre-Shared key) using Group Policy

Date: April 13, 2019

Problem

Whilst there is a setting in Group Policy Preferences to deploy WiFi settings, this does not include the WiFi Pre-Shared Key (PSK).

The following method will allow you to also push out the Pre-Shared Key:

Solution

From a PC that already has the WiFi profile installed, open a command prompt (as admin) and run the following command:

netsh wlan show profiles

Make a note of the name of the profile you want to export – such as MyWiFiSSID.

Run the following command, replacing the profile name with the one you wish to export and the folder with the path to an existing folder where the XML file will be created:

netsh wlan export profile name="MyWiFiSSID" folder=C:\WLAN key=clear

(Note that key=clear is vital for this to work.)

Copy that XML file to a network share that is accessible from the computer accounts. Bear in mind that the WiFi key is visible in plain text within this file, so consider carefully where and how to store it.
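To see what key=clear puts in the exported file, and to check which exports in a folder carry a readable key, the following PowerShell is an added example (not part of the original post). The sample profile, its key and the function name Test-WlanProfileExport are constructed for illustration.

```powershell
# Constructed sample of a "key=clear" export; SSID and key are placeholders.
$sampleXml = @'
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>MyWiFiSSID</name>
  <SSIDConfig><SSID><name>MyWiFiSSID</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
    <sharedKey>
      <keyType>passPhrase</keyType>
      <protected>false</protected>
      <keyMaterial>CONSTRUCTED-EXAMPLE-KEY</keyMaterial>
    </sharedKey>
  </security></MSM>
</WLANProfile>
'@

# Hypothetical helper: reports whether an exported profile holds a readable PSK.
function Test-WlanProfileExport {
    param([Parameter(Mandatory)][string]$XmlText, [string]$Source = '(inline sample)')
    $doc = [xml]$XmlText
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('w', 'http://www.microsoft.com/networking/WLAN/profile/v1')
    $key = $doc.SelectSingleNode('//w:security/w:sharedKey', $ns)  # absent for 802.1X profiles
    $protected = if ($key) { $key.SelectSingleNode('w:protected', $ns).InnerText } else { $null }
    [pscustomobject]@{
        Source       = $Source
        Profile      = $doc.SelectSingleNode('/w:WLANProfile/w:name', $ns).InnerText
        Auth         = $doc.SelectSingleNode('//w:authEncryption/w:authentication', $ns).InnerText
        HasSharedKey = [bool]$key
        # protected=false: keyMaterial is the passphrase itself, readable by anyone
        # who can read the file. Without key=clear it is exported encrypted (true).
        CleartextKey = ($protected -eq 'false')
    }
}

Test-WlanProfileExport -XmlText $sampleXml

# Audit real exports and who can read them (C:\WLAN is the folder used above):
# Get-ChildItem C:\WLAN -Filter *.xml | ForEach-Object {
#     Test-WlanProfileExport -XmlText (Get-Content $_.FullName -Raw) -Source $_.FullName
#     (Get-Acl $_.FullName).Access | Select-Object IdentityReference, FileSystemRights
# }
```

Running the commented audit loop against the share copy as well shows which identities can read the key there.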

The following command is used to install the profile:

netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all

… however, this will reinstall and reconnect the WiFi profile each time, causing a brief disconnect at startup.

From my experience, the best method is to create a Computer Startup .bat script GPO that will only run once. This one does the trick:

WiFi_deploy.bat

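rem Exit early if the profile is already installed (netsh returns errorlevel 0)
netsh wlan show profile MyWiFiSSID
if %errorlevel%==0 goto end
rem Profile not found: install it for all users from the share
netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all
:END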

Many thanks to Ignacio for this more elegant deployment solution!

Comments (6)

Andrea Rochira

Thanks for this solution. One question: will deploying the XML file overwrite any other saved user-defined WiFi connections? Since many users in our company work from home, I want neither to prevent the configuration of new WiFi connections nor to flush all the existing WiFi profiles.

Thanks in advance for this clarification.

4 years ago
    admin

    No – this will add a profile alongside any previously existing.

    If the profile name already exists, I believe it overwrites it.

    2 years ago
Ignacio

Great post, for me a better solution, check if profile exists (errorlevel=0 ends)

netsh wlan show profile MyWiFiSSID
if %errorlevel%==0 goto end
netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all

:END

2 years ago
    admin

    Thank you! I have updated the article.

    2 years ago
    Lutz

    A one-liner is enough

    netsh wlan show Profile MyWiFiSSID || netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all

    3 months ago
Djoek

I tried the same, even with the broadcast part

netsh wlan show profile Profiel
netsh wlan set profileparameter name=profiel nonbroadcast=yes
if %errorlevel%==0 goto end
netsh wlan add profile filename="\\servernaam\share\share\Corp Wifi\WiFi-profiel.xml" user=all
netsh wlan connect name="profiel"
:END

but not working

6 months ago
