Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Any way to mask or hide WiFi keys?


03 Mar 2010   #1

XP, Win7, 2k3, 2k8, Ubuntu, Mac OS X
 
 
Any way to mask or hide WiFi keys?

Hi,

I'm starting to deploy Windows 7 in a corporate environment. The problem I've encountered so far is that there's no way to hide the SSID keys. For example, if I configure a laptop for a user, I want to configure the WiFi settings without the person being able to snoop around in the settings and see the WiFi key. This was easy in XP.

I've also looked at Dell ControlPoint utility which is bundled with our new machines. It's doable with the Dell utility, but that thing is pure bloatware and is a pain to use, even for seasoned IT pros.

Thanks for any insight,
danzero

My System SpecsSystem Spec
.

03 Mar 2010   #2

W7 Ultimate 64bit W7 Premium 64bit W7 Premium 32bit WXP Home 32bit
 
 

Welcome to Seven Forums!

Are you referring to the SSID itself? Unless the radio utility supports hiding the SSID in the config there's no way to mask it.

As long as you use a good, strong security mechanism like WPA2-PSK or WPA2-Enterprise (802.1x), hiding the SSID won't cause any problems. Even if someone gets the SSID (it's actually pretty easy with wireless sniffing software) it won't really matter. Without the right security they can't connect.

If you're talking about PSK Keys, they should be stored encrypted anyway.
My System SpecsSystem Spec
03 Mar 2010   #3

W7 RTM Ultimate x64
 
 

I don't think there is a way.

Windows 7 Wireless Networking (show characters) to secured wireless network.____Is there a way to keep the wireless key-paraphrase hidden in Windows 7?

Discussion started here, still hasn't been answered, but you might like to keep an eye on it, just in case there is a solution.
My System SpecsSystem Spec
.


03 Mar 2010   #4

Windows 7 Home Premium x64
 
 

If this is on the Pro version you may be able to leverage something in Group Policy to disable the option box for hiding the key. I don't have access to a version that would have that ability so I can't point you in that direction.
My System SpecsSystem Spec
03 Mar 2010   #5

W7 Ultimate 64bit W7 Premium 64bit W7 Premium 32bit WXP Home 32bit
 
 

I looked around the GPE and didn't see anything.

But there's got to be a registry setting somewhere...
My System SpecsSystem Spec
22 Jun 2010   #6

Win7 Pro, AD, ...
 
 
I found a solution not so simple but it works!

Hi!

I have found a solution, which is not very elegant but it works.

The way is to find the key in the registry where you can unlock the viewing of the WIFI Key.

For that, you have to find a Key where the value is "CElevateWlanUi"

In my case, it was in HKEY_CLASSES_ROOT\Appid\{86F80216-5DD6-4F43-953B-35EF40A35AEE}.
Under this key you have 3 values :
  • The first one (default) with the value "CElevateWlanUi"
  • The second one AccessPermission of type Reg_Binary with a binary value (does'nt matter to understand what it means)
  • The third one is called DllSurrogate with a null value.

The way I solved the problem is to setup the authorizations of the main Key {86F80216-5DD6-4F43-953B-35EF40A35AEE} by a right-click, then "autorizations".
After you have to take possession of this key.
I setup the owner as our domain administrator.
For that click on the the button "Advanced" then on the tab "owner" and replace TrustedInstaller by the administrator of my domain.
Then, I came back to the main panel of authorizations of the main key.
I deleted the entry LAP505\administrators and the entry LAP505\domain users, and added the entry for my domain administrator with all rights. (LAP505 is the computer name)
I applied all the modifications.
I repeated the operation for the second occurence of the key :
HKEY_LOCAL_MACHINE\Software\classid\Appid\{86F80216-5DD6-4F43-953B-35EF40A35AEE}

And when I logged on with a user with local admin privileges, I could connect to WIFI network, I could access to the network center but I could'nt unmark the "Hide caracters". It works!

Second point : As my users want also to connect their laptop at home on their box, I checked the possibility to add a WIFI connection and it worked also! The only restriction is that they can't see the key once it is entered (for modification, they have to delete the connection a re-create it.
I hope it will help you!

Best regards.
Bernard (from a country where we are more proud of our national rugby team than our national football team (if you see what I mean ...))
My System SpecsSystem Spec
01 Sep 2010   #7

Windows 7 Premium 64bit
 
 

Hi,

thanks for the greatful solution. It works.
Do you know the registrykey for the button to export the wlan-profil (see the attached picture).
Because the user is able to export the wlan profil to usb-stick and can import the profile to another pc.
The biggest problem of the export to usb-stick, there will be create a file on the stick with the name "wsettings.txt" . In this file the user can read the wlan security key in uncrypted charakters. This is realy a security leck.

I hope someone have a solution for this problem.

Thanks


Attached Images
 
My System SpecsSystem Spec
28 Oct 2010   #8

W7 Pro 64
 
 
local sec policy / GPO

You can disable the WCN (the button to export the wlan profile) with local security policy or a GPO, there are two settings (translated from german:computer configuration - policies - administrative templates - network - windows connect now), you can deny the access to WCN and you can say what can be configured with WCN , i blocked Flash memory.

for the Checkbox, it can also be done with GPO. Create a new GPO, add a value under computer - policies - windows - security - policies - registry and name it CLASSES_ROOT\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}. configure this key, say replace settings for all sub keys, and change the security of the value to enable admin access (set admin or local admins as owner, check CHANGE). this is needed that the GPO can change the values.
under computer - settings - windows settings - registry, add a reg binary with the name AccessPermission, select HKEY_CLASSES_ROOT as structure, AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} as Path, AccessPermission as Name, REG_BINARY as ValueType and a hex value like 010004804400 (...).

How to get the hex value (or how to do this all without GPO, for instance if you use images to deploy windows you can use this):

use one windows 7 pc, open registry editor, navigate to KEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}, change the permissions of the key to have admin as owner and give him full access (incl. sub keys)
start dcomcnfg (or use control panel),navigate to component services computer - workplace - dcom config, find the object CElevateWlanUi and change the Access permissions to what you like (defaults to system, interactive and self, remove interactive and self, and/or add domain admins or users who should be able to see the wlan key) and test.

after this, you will find this access list in the registry under KEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} in the reg_binary AccessPermission.
export the key, it will look like:
"AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\
00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,00,00,\

remove the line breaks (\), remove the comma, so that you have a single number like 010004804400005400... , this is the value that you need for the GPO

you could also only change the access rights to the key as mentioned above to prevent TrustedInstaller from accessing it, but since the AccessPermission is exactly what the name says, i find this better and it can be easily reversed.
My System SpecsSystem Spec
11 Jan 2011   #9

Win7 Pro, AD, ...
 
 

Quote   Quote: Originally Posted by steffen0815 View Post
Hi,

thanks for the greatful solution. It works.
Do you know the registrykey for the button to export the wlan-profil (see the attached picture).
Because the user is able to export the wlan profil to usb-stick and can import the profile to another pc.
The biggest problem of the export to usb-stick, there will be create a file on the stick with the name "wsettings.txt" . In this file the user can read the wlan security key in uncrypted charakters. This is realy a security leck.

I hope someone have a solution for this problem.

Thanks
I have found the regitry key which prevent user from exporting to Flash-Usb,
it is HKEY_CLASS_ROOT\AppID\{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}

If you do the same operation than above (modifying authorizations), it works. And the user can always add a new wifi profile (for example at home)
It tooks me a lot of time but I found it!

And overall, Happy New Year!
My System SpecsSystem Spec
24 Mar 2011   #10

windows 7 32 bit
 
 

I cannot find where to do the following. I am in the GPO but don't see the path listed. (policies - windows - security - policies - registry) Thanks!

for the Checkbox, it can also be done with GPO. Create a new GPO, add a value under computer - policies - windows - security - policies - registry and name it CLASSES_ROOT\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}. configure this key, say replace settings for all sub keys, and change the security of the value to enable admin access (set admin or local admins as owner, check CHANGE). this is needed that the GPO can change the values.
under computer - settings - windows settings - registry, add a reg binary with the name AccessPermission, select HKEY_CLASSES_ROOT as structure, AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} as Path, AccessPermission as Name, REG_BINARY as ValueType and a hex value like 010004804400 (...).
My System SpecsSystem Spec
Reply

 Any way to mask or hide WiFi keys?




Thread Tools



Similar help and support threads for2: Any way to mask or hide WiFi keys?
Thread Forum
Solved Alternatives to Mask Surf or Tor - Any Recommendations? Browsers & Mail
Why is my subnet mask 255.255.248.0? Network & Sharing
how to manually set up your ip dns server subnet mask and default gate Network & Sharing
Get's Hot In This Mask Chillout Room
Hide SSID on Microsoft Virtual WiFi Miniport Adapter? Network & Sharing
any way to hide multiple wifi networks Network & Sharing
Emergency Swine Flu Mask Chillout Room

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:19 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33