Change TKIP to AES remotely

I have over 200 wireless machines that are currently wpa2 and TKIP.  My old Cisco controller didn't allow wpa2 and AES so we used TKIP.  My new controller a Cisco 5520 doesn't not allow wpa2 and TKIP. I'm stuck in catch 22.  Is there any way to change TKIP on the machines remotely, my users have no rights on the machines and I'd have to take off all the autologin settings and one by one change the encryption.  I don't want to have to create a group policy.  I'd rather use a script if possible
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

WellingtonISAuthor Commented:
Will this work on Windows 10 I have a mix.  Also the profiles or SSID's are the same.
It will work on win10, yes.

For the switch to be as easy as it gets, configure a new SSID on your new switch.
Thriving as a woman in IT

The IT workforce is diversifying, but the gender gap in tech remains very real. Overcoming stereotypes, and the glass ceiling is important not only for individual women working in the field but for the industry as a whole. Here are eight things women in IT do to succeed.

WellingtonISAuthor Commented:
OK thanks.  But I'm going to delete the profile and add it back.  I think that will give me what I need.
How are you going to do that? Can you even delete the current profile while it's in use?
WellingtonISAuthor Commented:
That's the problem we can delete it, it changes but it's not automatically reconnecting  I wish there was a way via command to change TKIP to AES
Joe FulginitiNetwork EngineerCommented:
Are you using wpa enterprise or wpa personal?
I guess it will reconnect if you disable the adapter and enable it again. This needs to be done by a script that gets copied locally, first, before the connection breaks. Will try for myself.
WellingtonISAuthor Commented:
Actually we managed to do it.
netsh wlan set profileparameter name="xxxxx" encryption=AES
Ok, and is that deployable? I wonder if your script won't need a WLAN connection to be executed from its source.
WellingtonISAuthor Commented:
Yes.  If you copy the script to the machine and run it, it does the trick.
Yes, as I said, that of course will do it.
So, are we ready to close this, or any further questions?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.