none
How to Disable function "Show Character" in wireless connection?

    Pertanyaan

  • Hi all,

    I have working in company which have 20 laptop but 10 laptop can access internet by wireless in company. In Wireless, i config WAP Presional and Encrytion TKIP and i config connection a wireless  in laptop( user who use laptop don't know a Preshare key(security key)).

    Yesterday, i found a lot laptop connect internet via wireless. I check security a wireless access point which no problem. So i check laptop of user.

    Laptop run Window Vista Bussiness, open wireless adapter connection --> Properties. In Security Tab i saw a check box " Show characters". I check it so Network security key is show. What is that? i don't know why Window Vista have a function? i use window xp haven't a problem(?). The staff saw a pre share key and give other staff use laptop(didn't have key before) use key to connecting internet.

    Now, I want disable a function so staff can see key. I don't know do it, can you help me?

    Thank you.
    15 Juli 2009 8:11

Jawaban

  • Hi,

     

    Thanks for posting in Microsoft TechNet Forum.

     

    As I know, this feature is by design. If you want to disable this function, it requires a new design. I'm afraid that it is not allowed to do so. I'm sorry for bringing you this concern, however, I recommend that you reset your network settings and don't check "Show characters" box. Generally, the marked password is by default as a security network.

     

    By the way, for product design questions, you can share your opinions in Microsoft Feedback & Idea Center..

     

    Hope this helps. Thanks.

    17 Juli 2009 8:55

Semua Balasan

  • Hi,

     

    Thanks for posting in Microsoft TechNet Forum.

     

    As I know, this feature is by design. If you want to disable this function, it requires a new design. I'm afraid that it is not allowed to do so. I'm sorry for bringing you this concern, however, I recommend that you reset your network settings and don't check "Show characters" box. Generally, the marked password is by default as a security network.

     

    By the way, for product design questions, you can share your opinions in Microsoft Feedback & Idea Center..

     

    Hope this helps. Thanks.

    17 Juli 2009 8:55
  • Ok, here is what we have found so far. Basically only way to prevent users is to make them a standard user on the local machine, which is by design to protect machine. However, we automatically through GPOs make local users administrators of their machines in particular situations, and they are allowed to view and show characters or copy info to a usb stick. My question is there a way to disable that through GPO setting even though they are local admin.

     

    Thanks,
    Scott Owens

    ICS

    19 Oktober 2010 21:21
  • I'm in the same boat as Scott.  By default, our users are not local admins of their workstations, so the majority is not a problem; HOWEVER, there are a certain few who have laptops that have to be local admins because of active x control issues and software programmers who refuse to write their software to work with basic user rights. 

    So if a person finds out that they can retrieve the key in their wireless network would pose to be a huge breach in security.  I'm surprised Microsoft didn't develop a way to disable this feature for administrators of the local workstation. 


    JB
    25 April 2011 12:53
  • Has anyone heard if Microsoft is going to make any enhancments to allow us to hide this? I am in  a school district as well and just recently found this out that they can see the key.

     

    Thanks

    11 Mei 2011 17:24
  • I'm tired of searching the net for for the solution of this problem. Still no answer form Microsoft! 
    01 Juli 2011 6:48
  • I spent last 3 days searching internet for any solution to this problem but still can not find anything also and it is very silly from Microsoft that there is no option to disable Show Characters box .
    24 Agustus 2011 8:13
  • I have clients that have laptop users and the laptop users need local administrator rights on their computers. I found out that restricting access to the Network and Sharing Center did not prevent the ability to view and see the properties (including the wireless keys) for local administrators. I was still able to view these properties through a shortcut to Manage Wireless Networks and/or by right clicking on a WLAN adapter, then Status, then Wireless Properties. Therefore, I set out to find a different method to prevent access to this information using a Software Restriction Policies GPO. The method that I have used below is drastic as it prevents access to be able to edit WLAN profiles. Users can still connect to a wireless network they simply cannot edit any of the properties. Here’s how…

    1.    Create a new GPO and link it to the OU where you want the policy applied.

    2.    Edit the new GPO and navigate to User Configuration\Policies\Windows Settings\Security Settings\Software Restriction Policies.

    3.    In the Object Type pane, double click on “Enforcement” and change the “Apply Software Restriction Policies to the following:” and check “All Software Files” which will include DLL files.

    4.    Next go to the “Additional Rules” node, right click on the blank area and add a new path rule.

    5.    In the Path field type C:\Windows\System32\wlanui.dll and select the security level as Disallowed. wlanui.dll is the Wireless Lan User Interface GUI.

    6.    Go to Computer Configuration\Policies\Administrative Templates\System\Group Policy and set the “User Group Policy loopback processing mode” to Enabled and select Replace which will override any other policies this software policy will take precedence.

    Hopefully others will be able to use this method.
    • Disarankan sebagai Jawaban oleh BBPHD 10 Januari 2012 21:40
    21 Desember 2011 0:24
  • I implemented this to prevent those with loose lips from accessing our PSK. Step 6 is not completely necessary if you have your GPO set-up to handle user configurations and is actually a pain because it affects every user that logs into the computer. I have the GPO set to only the users folder in AD, then the domain admin account is in a different OU. This allows you to access the computer using the domain admin account and make changes to the WLAN properties.
    10 Januari 2012 21:46
  • Thanks TechDoctor - this was the best solution I have found for our school!
    18 Januari 2012 14:36
  • The solution you propose is similar to amputating a jawbone to fix a toothache, but your heart is in the right place.  Suppose users are moving around with their laptops and need access to that?  Or, does the GPO dissapear when the pc is removed from the domain?  Wouldn't there be a difficult time of configuring the initial wireless network settings if that feature was disabled?
    18 Maret 2012 12:28
  • Hi Friends,

    We have issue that so many outside visiter visit at our office and bring their laptops, we provide access on our wireless. By this issue our WPA key is visible and there is no meaning of security if its visible on visiter laptop basically this WPA key is require to keep secure from the visitors.

    20 April 2012 9:26
  • TechDoctor's solution is great! Thank you so much for this!! Exactly what I was looking for.

    In our situation, only our company owned office computers connects to a certain network for which only I should know the password.  The show password really frustrated me as I didn't want to maintain a MAC address list for 'allowed' machines or have a radius server anything like that(which is really the right way to do it).  The gpo will stick when a user is outside the office.  With this in place, you are free to connect to wireless networks and you can edit IP and DNS info on your connection. 

    You can't use the 'Manage wireless Networks' function, so you can't 'forget your connection'.  Under Wifi status, the Wireless Properties box is inaccessible, so you can't change the option to 'connect to this network automatically' or any authentication methods for your wifi networks.  Windows 8 has no 'manage wireless networks' option, and instead there is a metro UI way to forget a network, so that works, but you still can't right click and 'view network properties' to change authentication methods or things like 'connect to this network automatically'. 

    The limitations aren't dealbreakers for my users, so thanks again!  I can't imagine how frustrating this would be for bigger businesses!

    15 Januari 2013 17:48
  • Just wanted to mention another loophole.  At our company, we have a few apple computers too.  It's just as easy to open the keychain app and show the password for a saved network.  boooooo!! 
    31 Januari 2013 13:56
  • This is the best solution I have found, thank you very much for sharing.
    07 Juni 2013 18:56