none
WPA/WPA2 preshared key? (XP Wireless GPO in 2008 R2)

    Question

  • I have a fairly basic network configuration with a paswordless public WLAN and a passworded private WLAN where everyone is using a single SSID and WPA2 password.

    I am trying to get some XP laptops to auto-connect to the wireless network before a domain user login occurs, and it appears this is possible to implement, using the 802.11 wireless GPO functionality of Server 2008 R2.

    Except the GPO appears to be incompletely designed. I can enter the SSID, specify that it is a preshared WPA/WPA2, and it is TKIP or AES, and ....what? Where do I enter the preshared password?

    I looked through every single option of the XP wireless GPO and nowhere is there a field to enter the WPA2 preshared key. So where am I supposed to be entering it, if not in this GPO?

    - Dale Mahalko

     

    Monday, October 10, 2011 11:30 PM

All replies

  • Hi,

     >nowhere is there a field to enter the WPA2 preshared key.

    Yes, you are right that there is no field for it.

    We highly recommend you to use IEEE 802.1X Authenticated Wireless Access. We could chose Authentication Mode as Computer only or User authentication.

    1. Computer only: When the computer start up, then the wireless network is accessble. Note that the computer should be in the security group in the domain and linked to the policy.

    2. User authentication: When user logon to the client, he can use his own credential to access wireless network.

     For more information, please refer to the following link:

    802.1X Authenticated Wireless Access

    http://technet.microsoft.com/en-us/library/cc771455(WS.10).aspx 

    Configure Wireless Clients Running Windows XP for 802.1X Authenticated Access

    http://technet.microsoft.com/en-us/library/dd283043(WS.10).aspx

    Best Regards,

    Yan Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, October 11, 2011 10:07 AM
    Moderator
  • I will take a look at that, however the original question remains. Where do I put the WLAN preshared password so that this policy will work?

    Is the preshared password supposed to come from the portable device itself, by first setting up a non-GPO wireless connection to the GPO'd SSID as the device Administrator?

    I do not understand the intent behind allowing for selection of a preshared key choice in the GPO and then not actually being able to provide the key.

    Since this looks like either an oversight or a bug, it appears I should report it to Microsoft's official support system, and see if they will fix it via automatic updates.

    - Dale Mahalko

     

    Tuesday, October 11, 2011 3:43 PM
  • Hi,

    As far as I know that there is no box for us to put the WLAN preshared password. So I suggest you to try the suggestion I have given. And if you have anything that unclear about IEEE802.1X, please refer to the networking forum:

    http://social.technet.microsoft.com/Forums/en-US/winserverPN/threads

     

    Best Regards,

    Yan Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, October 12, 2011 2:21 AM
    Moderator
  • Please do not mark this thread as "Answered". (If you do, I will unmark it.)

    The main problem is still unresolved. Maybe someone else will eventually come along who will know where to put the preshared password.

     

    Wednesday, October 12, 2011 7:51 AM
  • Hello Dale,

    I (along with quite a few others) have pretty much exactly the same issue as you describe in this thread. I also really don't understand what is supposed to be happening with this GPO, nor have I ever read (so far) about anyone ever getting it working to their satisfaction.

    Please see my thread which Yan Li has also attempted to answer (as yet unsuccessfully). I have also had a recent post from another mod who suggested I export the wireless profile from a working client and import it to the rest, which I will be trying to test tomorrow. I don't really see how it can work though as the settings in the gpo (which doesn't have a password) will override the imported config I think. Also, how am I supposed to get this imported config from a working machine when none of them work? Anyway, I'll give it a go and see what happens. Here's my thread:

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/fe153ad0-680a-408c-a5ed-eeaac031b6fc/

    Monday, October 31, 2011 1:37 PM
  • I also wanted to set things up this way and find it odd that you can enter all the details up to the key but then have no where for the key. It is a bit like building a car all the time knowing you will never have a road. It seems if the key is deployed via a gpo then folk on the domain would be able to find the key which may be a security problem.

    Have a look at this: http://www.edugeek.net/forums/windows-server-2008/78312-wireless-network-key-can-set-via-group-policy.html

    This also makes the key available to those looking for it but that may not be a problem.

    Thursday, December 8, 2011 2:06 AM
  • I am in your same boat.  I have 802.11x at the main office, but my remote users all use wireless access points when working remotely. All of these boxes have the same Wifi security settings, and it would be VERY helpful if I could set these settings via GPO.

    Since these boxes are remote (not in my corporate network) I cannot set a radius server to authenticate... so I cant use 11x.

    I will try copeterok's suggestion, but I just wanted to log in my 2 cents, just in case someone is actualy monitoring this forum.

    Monday, June 4, 2012 3:52 PM
  • Has anyone got an answer to issue? Is there an answer to this issue?
    Sunday, November 25, 2012 2:18 PM