how to prevent access to the wireless encryption key in windows 7

Need more information, what type of enviroment are you running a windows domain? do users have local admin access to the machine.

academic environment with areas of wireless access using wpa2/aes where students have laptops in specific classrooms, where previously the security key was able to be hidden. we're currently building a template Windows 7 laptop which will be cloned and need to have the key hidden. The students have local admin access in order to run certain applications. I'm thinking that there must be some sort of GP setting or registry fix for this, but it's not intuitively obvious. I appreciate any help that you can provide on this-Thanks in advance!!!!

If the users have local admin access to the machine I do not believe there is a way to hide the key. You might want to look into setting up a RADIUS server to authenticate with your AP if users are logging into the domain.

I believe windows call this IAS for server 2003 and NAP for server 2008.

Have a look at this thread also.

https://www.experts-exchange.com/questions/25463535/GPO-to-hide-network-key-in-windows-7.html

Please look at this site,

http://www.sevenforums.com/network-sharing/68280-any-way-mask-hide-wifi-keys.html

you cannot prevent local admins from viewing the key, however you can fix your applications.

the problem is not the key being visible, its that you arent solving the compatibility issues with your software apps to allow them to run on a non-admin user.

look into application virtualization (you probably have licensing already if you have an EA agreement with microsoft)

propose to go into user mode as it is not only wlan keys, with such rights they would be able to do alot. Else put them into a user domain group with specific rights. note that device port is also open, they would import tools for data siphoning, privilege escalation etc. Even if you masked out the registry locally, they can easily undo it. Do consider also the network segregation of the user test lan to isolate any abuse and ripple into corporate lan.

None of the proposed/suggested solutions were useable in our environment. We resolved the issue by changing the template user from being a member of the Administrators group to being a member of the Power users group with elevated privileges. Now users cannot view the encryption key. We did not need to reconfigure our access points, other clients, make changes to application settings, setup a radius server, nor isolate LAN segments to accomplish this.