group_policy >> Any Way to Push out Wireless WPA Key with AD/Group Policy??

by Todd » Sat, 09 Feb 2008 02:45:31 GMT

We just setup a WiFi network at work and it's setup using WPA-PSK with
TKIP. I had planned to use the wireless GPO to send out the config for
our network, including the key. Now I find out it doesn't support
sending out the key, which I find utterly ridiculous. I was trying to
avoid the hassle of an 802.1x infrastructure. Is there any way to push
out the key to everyone's laptop??


group_policy >> Any Way to Push out Wireless WPA Key with AD/Group Policy??

by Mark Heitbrink [MVP] » Sat, 09 Feb 2008 03:28:03 GMT


Todd schrieb:

Definetly NO GO! Wireless CSE only works with certificates, because of
security reasons. So, the first contact is always be by wire, the settings
and die certificate is applied, after that Wirelee will work.

The reason:
You need to write down the PSK into a file or inside the AD, no matter
where. Every authenticated User is allowed to read the SYSVOL (all files
of a GPO) and the AD, the key wouldn be a "secret" ...
If you crypt it, the DLL that is importing the key will decrypt is, so
just run a debugging tool and read the cecrypted Passphrase.
Thats why PSK is not implemented.

Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: - deutsch
Blog: - english

Similar Threads

1. Wireless Group Policy: No field to enter the key for WPA-PSK


im trying to set up a Group Policy (Windows Server 2003 SP1) to configure 
the Wireless LAN settings. If I choose the Network Authentication WPA-PSK 
there is no field where I can enter my Pre-Shared-Key (it doesn't matter 
which Data encryption option I select). The checkbox "The Key is provided 
automatically" is checked and greyed-out, so that I can't uncheck this option.
Does somebody know, where I can enter the PSK, or is this a bug?
I know that WPA-PSK is not intented to use for bigger environments, but for 
my scenario it's ok.

Thanks in advance for your answers,

Denis Holtkamp

2. Group Policy not pushing to wireless clients

3. Push out Office via AD/Group policy

Ok, I have gone through the process to install Office 2007 through 
AD/Group Policy Management Console on machines in our domain.

With other applications we push out, if the application isn't installed, 
it installs it.  If it is installed, it doesn't do anything else.

It appears though that with the Office Enterprise 2007 that if it IS 
installed, that it re installs Office 2007...

Is there a way to configure AD/GPMC to only install Office if it ISN'T 
installed already?????


4. using AD group policy to push a trusted zone

5. Deploying security key using Wireless Access Group Policy

Hi all,

I'd like to set a Group Policy for my wireless terminals which
specifies to use WPA-PSK, to use a specific security key, and which
Wireless Access Point to connect to.

I have a problem though as when I try to tell the Group Policy what
the Network Options are, when I select WPA-PSK from the drop down box,
the checkbox "The Key is provided automatically" is selected and
greyed out so I can't deselect it.  Though my key isn't provided
automatically, I am not using 802.1x RADIUS, I want to manually plumb
in the WPA-PSK security key and deploy that to all my clients.

Can this be done?

6. wireless network properties not keeping wpa-psk network key - Windows XP Help&Support

7. Wireless connection dies after WPA/TKIP key renewal

I have configured my laptop with WindowsXP Pro to use WPA 
Pre Shared Key and TKIP. I have configured my router 
(Linksys WRT54g) to renew the keys after 3600 secs.

After 3600 secs my wireless connection dies: the status 
shows that the connection is still up, but no packages are 
being transmitted. I need to disable and re-enable the 
wireless network device, which effectively builds a new 
connection, to get the connection going again.

Any idea how to solve this? - Thanks!


8. Enabling WPA-PSK for network key in Wireless Network Properties