baleman2
Windows 7 Network - Turn off "Display Password" prompt
We're attempting to make a domain-wide change to our Wireless Network's password. We'd like to keep our end users from discovering this new password.
Right now, any end user can:
1) Browse to Control Panel-->Network and Sharing Center-->Manage Wireless Networks
2) Drill down further to the Properties of the Wireless Network
3) Click on the Security tab
4) Check the box to "Show Characters"
5) Wireless Network Password is displayed.
We'd like to remove and / or disable the option to "Show Characters" which would allow us to keep the password private.
Would like to do this either via Domain Policy or Registry setting on the end user's device.
That password is stored unencrypted, so no need to hide. I think you must be admin to see previously stored password in W7
See this link, about halfway down--I will copy what it says for your convenience. I have not tested this or used it so be cautious, as always, when adding to your GPOs
The method that I have used below is drastic as it prevents access to be able to edit WLAN profiles. Users can still connect to a wireless network; they simply cannot edit any of the properties. Here’s how…
1. Create a new GPO and link it to the OU where you want the policy applied.
2. Edit the new GPO and navigate to User Configuration\Policies\Windows Settings\Security Settings\Software Restriction Policies.
3. In the Object Type pane, double click on “Enforcement” and change the “Apply Software Restriction Policies to the following:” and check “All Software Files” which will include DLL files.
4. Next go to the “Additional Rules” node, right click on the blank area and add a new path rule.
5. In the Path field type C:\Windows\System32\wlanui.dll and select the security level as Disallowed. wlanui.dll is the Wireless Lan User Interface GUI.
6. Go to Computer Configuration\Policies\Administrative Templates\System\Group Policy and set the “User Group Policy loopback processing mode” to Enabled and select Replace, which will override any other policies; this software policy will take precedence.
ASKER
To lionelmm:
I like the looks of this, but:
If this rule is applied as a GPO, what happens when a new device (to be delivered to a new employee) must join the wireless network?
Would we be able to join without restriction or would we have to disable the GPO until the new device is joined.
Ultimately, the only .dll file that would be affected is wlanui.dll as shown in Step 5?
You can't disable this feature specifically. Rather, you have to disable access to "Network and Sharing Center" entirely for the users
http://superuser.com/questions/643886/keep-windows-from-showing-a-wifi-password
To disable Network & Sharing Center through GPO:
Create a new GPO and link it to the OU where you want the policy applied.
Edit the new GPO and navigate to User Configuration\Policies\Windows Settings\Security Settings\Software Restriction Policies.
In the Object Type pane, double click on “Enforcement” and change the “Apply Software Restriction Policies to the following:” and check “All Software Files” which will include DLL files.
Next go to the “Additional Rules” node, right click on the blank area and add a new path rule.
In the Path field type C:\Windows\System32\wlanui.dll and select the security level as Disallowed. wlanui.dll is the Wireless Lan User Interface GUI.
Go to Computer Configuration\Policies\Administrative Templates\System\Group Policy and set the “User Group Policy loopback processing mode” to Enabled and select Replace, which will override any other policies; this software policy will take precedence.
Note that it may still be possible to extract the password using other utilities:
http://securityxploded.com/wifi-password-secrets.php
You may also want to consider switching from a Pre-shared Key (PSK) for wifi to using a RADIUS server for authentication and encryption:
https://community.aerohive.com/aerohive/topics/why_would_i_want_to_set_up_my_wifi_network_with_a_radius_server
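One way to confirm on a client that the Software Restriction Policy from the GPO steps in the answers above actually applied (an added example, not part of the original thread): it reads the registry location where Software Restriction Policy settings are stored for the signed-in user. The function name `Test-WlanUiSrpRule` and its parameters are hypothetical.

```powershell
# Added example: verify the wlanui.dll path rule and DLL enforcement reached this user.
# Test-WlanUiSrpRule is a hypothetical helper name, not a built-in cmdlet.
function Test-WlanUiSrpRule {
    param(
        # User Configuration SRP settings are written under HKCU;
        # pass the HKLM equivalent to check a computer-scoped policy instead.
        [string]$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
        [string]$TargetDll  = 'C:\Windows\System32\wlanui.dll'
    )

    $result = [ordered]@{
        PolicyPresent    = $false
        AllSoftwareFiles = $false   # Enforcement set to "All Software Files" (DLLs included)
        DisallowedRule   = $false   # Path rule for wlanui.dll at security level Disallowed
    }

    if (-not (Test-Path $PolicyRoot)) { return [pscustomobject]$result }
    $result.PolicyPresent = $true

    # TransparentEnabled: 1 = all software except libraries, 2 = all software files.
    $enforcement = (Get-ItemProperty -Path $PolicyRoot -ErrorAction SilentlyContinue).TransparentEnabled
    $result.AllSoftwareFiles = ($enforcement -eq 2)

    # Disallowed path rules live under the level-0 subkey, one GUID-named key per rule.
    $rulesKey = Join-Path $PolicyRoot '0\Paths'
    if (Test-Path $rulesKey) {
        foreach ($rule in Get-ChildItem -Path $rulesKey) {
            $itemData = (Get-ItemProperty -Path $rule.PSPath).ItemData
            if (-not $itemData) { continue }
            # Rules may be stored with %SystemRoot%-style variables; expand before comparing.
            $expanded = [Environment]::ExpandEnvironmentVariables($itemData)
            if ($expanded -ieq $TargetDll) { $result.DisallowedRule = $true }
        }
    }
    [pscustomobject]$result
}

$check = Test-WlanUiSrpRule
$check | Format-List
if (-not ($check.AllSoftwareFiles -and $check.DisallowedRule)) {
    Write-Warning 'wlanui.dll is not blocked for this user; check the GPO link and loopback mode, then run gpupdate /force.'
}
```

Run it in the affected user's session after a policy refresh; a rule that exists while `AllSoftwareFiles` is false means enforcement still excludes DLLs, so the path rule has no effect on wlanui.dll.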
ASKER
We have no problem connecting the device to the wireless network BEFORE connecting to the domain. Our department touches all new devices for configuration before they're handed out to the end user.
Your solution should be just right for our needs.
Thanks!