Windows 7 Network - Turn off "Display Password" prompt

We're attempting to make a domain-wide change to our Wireless Network's password.  We'd like to keep our end users from discovering this new password.

Right now, any end user can:
1) Browse to Control Panel-->Network and Sharing Center-->Manage Wireless Networks
2) Drill down further to the Properties of the Wireless Network
3) Click on the Security tab
4) Check the box to "Show Characters"
5) Wireless Network Password is displayed.

We'd like to remove and / or disable the option to "Show Characters" which would allow us to keep the password private.

Would like to do this either via Domain Policy or Registry setting on the end user's device.
baleman2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
That password is stored unencrypted, so no need to hide. I think you must be admin to see previously stored password in W7
0
Lionel MMSmall Business IT ConsultantCommented:
See this link, about halfway down--I will copy what it says for your convenience. I have not tested this or used it so be cautious, as always, when adding to your GPOs
The method that I have used below is drastic as it prevents access to be able to edit WLAN profiles. Users can still connect to a wireless network they simply cannot edit any of the properties. Here’s how…
1.Create a new GPO and link it to the OU where you want the policy applied.
2.Edit the new GPO and navigate to User Configuration\Policies\Windows Settings\Security Settings\Software Restriction Policies.
3.In the Object Type pane, double click on “Enforcement” and change the “Apply Software Restriction Policies to the following:” and check “All Software Files” which will include DLL files.
4.Next go to the “Additional Rules” node, right click on the blank area and add a new path rule.
5.In the Path field type C:\Windows\System32\wlanui.dll and select the security level as Disallowed. wlanui.dll is the Wireless Lan User Interface GUI.
6.Go to Computer Configuration\Policies\Administrative Templates\System\Group Policy and set the “User Group Policy loopback processing mode” to Enabled and select Replace which will override any other policies this software policy will take precedence.
0
baleman2Author Commented:
To lionelmm:

I like the looks of this, but:

If this rule is applied as a GPO, what happens when a new device (to be delivered to a new employee) must join the wireless network?

Would we be able to join without restriction or would we have to disable the GPO until the new device is joined.

Ultimately, the only .dll file that would be affected is wlanui.dll as shown is Step 5?
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

marsiliesCommented:
You can't disable this feature specifically. Rather, you have to disable access to "Network and Sharing Center" entirely for the users

http://superuser.com/questions/643886/keep-windows-from-showing-a-wifi-password
To disable Network & Sharing Center through GPO:

Create a new GPO and link it to the OU where you want the policy applied.

Edit the new GPO and navigate to User Configuration\Policies\Windows Settings\Security Settings\Software Restriction Policies.

In the Object Type pane, double click on “Enforcement” and change the “Apply Software Restriction Policies to the following:” and check “All Software Files” which will include DLL files.

Next go to the “Additional Rules” node, right click on the blank area and add a new path rule.
In the Path field type C:\Windows\System32\wlanui.dll and select the security level as Disallowed. wlanui.dll is the Wireless Lan User Interface GUI.

Go to Computer Configuration\Policies\Administrative Templates\System\Group Policy and set the “User Group Policy loopback processing mode” to Enabled and select Replace which will override any other policies this software policy will take precedence.

Note that it may still be possible to extract the password using other utilities:
http://securityxploded.com/wifi-password-secrets.php


You may also want to consider switching from a Pre-shared Key (PSK) for wifi to using a RADIUS server for authentication and encryption:
https://community.aerohive.com/aerohive/topics/why_would_i_want_to_set_up_my_wifi_network_with_a_radius_server
0
Lionel MMSmall Business IT ConsultantCommented:
Yes the approach I have suggested will prove to be a problem if the the device is connected to the domain before the device is connected to the wireless network (if by wired connection for example). However how is the device connected now--manually device by device and wired or wirelessly? The goal is keep the password from the user of the device so that means someone else needs to enter the password manually. So whoever that person is (who know the password) will have to connect the device to the wireless network and then join it to the domain. Thus the GPO that disallows access to the Wireless Lan User Interface GU will not be applied until after the device has already joined the wireless network.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
baleman2Author Commented:
We have no problem connecting the device to the wireless network BEFORE connecting to the domain.  Out department touches all new devices for configuration before they're handed out to the end user.

Your solution should be just right for our needs.

Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.