Deploying WPA2 WiFi profile (including Pre-Shared key) using Group Policy
Whilst there is a setting in Group Policy Preferences to deploy WiFi settings, this does not include the WiFi Pre-Shared Key (PSK).
The following method will allow you to also push out the Pre-Shared Key:
From a PC that already has the WiFi profile installed, open command prompt (as admin) and run the following command:
netsh wlan show profiles
Make a note of the name of the profile you want to export – such as
Run the following command, replacing the profile name with the one you wish to export, and the path with an existing folder where the XML file will be created:
netsh wlan export profile name="MyWiFiSSID" folder=C:\WLAN key=clear
(Note that the key=clear is vital for this to work)
Copy that XML file to a network share that is accessible from the computer accounts. Bear in mind that the WiFi key is visible in plain text within this file, so consider carefully where and how to store it.
The following command is used to install the profile:
netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all
… however, this will reinstall and reconnect the WiFi profile each time, causing a brief disconnect at startup.
From my experience, the best method is to create a Computer Startup .bat script GPO that will only run once. This one does the trick:
netsh wlan show profile MyWiFiSSID
if %errorlevel%==0 goto end
netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all
:END
Many thanks to Ignacio for this more elegant deployment solution!
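Because the file exported with key=clear carries the PSK in readable form, it is worth checking what any profile XML sitting on a share actually contains. The following Python sketch is an added example, not part of the original article: it parses a WLAN profile export and reports whether the key is stored in clear, without printing the key. The sample XML, its SSID and its key are constructed for illustration, and the function name audit_profile is hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace used by WLAN profile XML files written by "netsh wlan export profile"
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample in the shape netsh writes; SSID and key are made up.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>MyWiFiSSID</name>
  <SSIDConfig><SSID><name>MyWiFiSSID</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM><security>
    <authEncryption>
      <authentication>WPA2PSK</authentication>
      <encryption>AES</encryption>
      <useOneX>false</useOneX>
    </authEncryption>
    <sharedKey>
      <keyType>passPhrase</keyType>
      <protected>false</protected>
      <keyMaterial>constructed-example-psk</keyMaterial>
    </sharedKey>
  </security></MSM>
</WLANProfile>"""


def audit_profile(xml_text):
    """Summarise a WLAN profile export without ever returning the key itself."""
    root = ET.fromstring(xml_text)
    text = lambda path: (root.findtext(path, default="", namespaces=NS) or "").strip()
    protected = text("w:MSM/w:security/w:sharedKey/w:protected").lower()
    has_key = bool(text("w:MSM/w:security/w:sharedKey/w:keyMaterial"))
    return {
        "profile": text("w:name"),
        "authentication": text("w:MSM/w:security/w:authEncryption/w:authentication"),
        "has_key": has_key,
        # protected=false means keyMaterial is the readable passphrase
        "key_in_clear": has_key and protected != "true",
    }


if __name__ == "__main__":
    report = audit_profile(SAMPLE_EXPORT)
    print(report)
    if report["key_in_clear"]:
        print("Plain-text PSK present in this export: review who can read the share.")
```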
Thanks for this solution. One question: will deploying the XML file overwrite any other saved user-defined WiFi connections? Since many users in our company work from home, I want neither to prevent the configuration of new WiFi connections nor to flush all the existing WiFi profiles.
Thanks in advance for this clarification.
No – this will add a profile alongside any previously existing.
If the profile name already exists, I believe it overwrites it.
Great post, for me a better solution, check if profile exists (errorlevel=0 ends)
netsh wlan show profile MyWiFiSSID
if %errorlevel%==0 goto end
netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all
:end
Thank you! I have updated the article.