Any Way to Push out Wireless WPA Key with AD/Group Policy??

[Todd]

We just setup a WiFi network at work and it's setup using WPA-PSK with
TKIP. I had planned to use the wireless GPO to send out the config for
our network, including the key. Now I find out it doesn't support
sending out the key, which I find utterly ridiculous. I was trying to
avoid the hassle of an 802.1x infrastructure. Is there any way to push
out the key to everyone's laptop??

Thanks.

[Mark Heitbrink [MVP]]

Hi,

Todd schrieb:

> We just setup a WiFi network at work and it's setup using WPA-PSK with
> TKIP. I had planned to use the wireless GPO to send out the config for
> our network, including the key.

Definetly NO GO! Wireless CSE only works with certificates, because of
security reasons. So, the first contact is always be by wire, the settings
and die certificate is applied, after that Wirelee will work.

The reason:
You need to write down the PSK into a file or inside the AD, no matter
where. Every authenticated User is allowed to read the SYSVOL (all files
of a GPO) and the AD, the key wouldn´t be a "secret" ...
If you crypt it, the DLL that is importing the key will decrypt is, so
just run a debugging tool and read the cecrypted Passphrase.
Thats why PSK is not implemented.

Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english