Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Any way to mask or hide WiFi keys?

03 Mar 2010   #1
danzero

XP, Win7, 2k3, 2k8, Ubuntu, Mac OS X
 
 
Any way to mask or hide WiFi keys?

Hi,

I'm starting to deploy Windows 7 in a corporate environment. The problem I've encountered so far is that there's no way to hide the SSID keys. For example, if I configure a laptop for a user, I want to configure the WiFi settings without the person being able to snoop around in the settings and see the WiFi key. This was easy in XP.

I've also looked at Dell ControlPoint utility which is bundled with our new machines. It's doable with the Dell utility, but that thing is pure bloatware and is a pain to use, even for seasoned IT pros.

Thanks for any insight,
danzero


My System SpecsSystem Spec
.
03 Mar 2010   #2
RedBirdDad

W7 Ultimate 64bit W7 Premium 64bit W7 Premium 32bit WXP Home 32bit
 
 

Welcome to Seven Forums!

Are you referring to the SSID itself? Unless the radio utility supports hiding the SSID in the config there's no way to mask it.

As long as you use a good, strong security mechanism like WPA2-PSK or WPA2-Enterprise (802.1x), hiding the SSID won't cause any problems. Even if someone gets the SSID (it's actually pretty easy with wireless sniffing software) it won't really matter. Without the right security they can't connect.

If you're talking about PSK Keys, they should be stored encrypted anyway.
My System SpecsSystem Spec
03 Mar 2010   #3
Uber Philf

W7 RTM Ultimate x64
 
 

I don't think there is a way.

Windows 7 Wireless Networking (show characters) to secured wireless network.____Is there a way to keep the wireless key-paraphrase hidden in Windows 7?

Discussion started here, still hasn't been answered, but you might like to keep an eye on it, just in case there is a solution.
My System SpecsSystem Spec
.

03 Mar 2010   #4
mlevy

Windows 7 Home Premium x64
 
 

If this is on the Pro version you may be able to leverage something in Group Policy to disable the option box for hiding the key. I don't have access to a version that would have that ability so I can't point you in that direction.
My System SpecsSystem Spec
03 Mar 2010   #5
RedBirdDad

W7 Ultimate 64bit W7 Premium 64bit W7 Premium 32bit WXP Home 32bit
 
 

I looked around the GPE and didn't see anything.

But there's got to be a registry setting somewhere...
My System SpecsSystem Spec
22 Jun 2010   #6
BernardSeven

Win7 Pro, AD, ...
 
 
I found a solution not so simple but it works!

Hi!

I have found a solution, which is not very elegant but it works.

The way is to find the key in the registry where you can unlock the viewing of the WIFI Key.

For that, you have to find a Key where the value is "CElevateWlanUi"

In my case, it was in HKEY_CLASSES_ROOT\Appid\{86F80216-5DD6-4F43-953B-35EF40A35AEE}.
Under this key you have 3 values :
  • The first one (default) with the value "CElevateWlanUi"
  • The second one AccessPermission of type Reg_Binary with a binary value (does'nt matter to understand what it means)
  • The third one is called DllSurrogate with a null value.

The way I solved the problem is to setup the authorizations of the main Key {86F80216-5DD6-4F43-953B-35EF40A35AEE} by a right-click, then "autorizations".
After you have to take possession of this key.
I setup the owner as our domain administrator.
For that click on the the button "Advanced" then on the tab "owner" and replace TrustedInstaller by the administrator of my domain.
Then, I came back to the main panel of authorizations of the main key.
I deleted the entry LAP505\administrators and the entry LAP505\domain users, and added the entry for my domain administrator with all rights. (LAP505 is the computer name)
I applied all the modifications.
I repeated the operation for the second occurence of the key :
HKEY_LOCAL_MACHINE\Software\classid\Appid\{86F80216-5DD6-4F43-953B-35EF40A35AEE}

And when I logged on with a user with local admin privileges, I could connect to WIFI network, I could access to the network center but I could'nt unmark the "Hide caracters". It works!

Second point : As my users want also to connect their laptop at home on their box, I checked the possibility to add a WIFI connection and it worked also! The only restriction is that they can't see the key once it is entered (for modification, they have to delete the connection a re-create it.
I hope it will help you!

Best regards.
Bernard (from a country where we are more proud of our national rugby team than our national football team (if you see what I mean ...))
My System SpecsSystem Spec
01 Sep 2010   #7
steffen0815

Windows 7 Premium 64bit
 
 

Hi,

thanks for the greatful solution. It works.
Do you know the registrykey for the button to export the wlan-profil (see the attached picture).
Because the user is able to export the wlan profil to usb-stick and can import the profile to another pc.
The biggest problem of the export to usb-stick, there will be create a file on the stick with the name "wsettings.txt" . In this file the user can read the wlan security key in uncrypted charakters. This is realy a security leck.

I hope someone have a solution for this problem.

Thanks


Attached Images
 
My System SpecsSystem Spec
28 Oct 2010   #8
jensL

W7 Pro 64
 
 
local sec policy / GPO

You can disable the WCN (the button to export the wlan profile) with local security policy or a GPO, there are two settings (translated from german:computer configuration - policies - administrative templates - network - windows connect now), you can deny the access to WCN and you can say what can be configured with WCN , i blocked Flash memory.

for the Checkbox, it can also be done with GPO. Create a new GPO, add a value under computer - policies - windows - security - policies - registry and name it CLASSES_ROOT\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}. configure this key, say replace settings for all sub keys, and change the security of the value to enable admin access (set admin or local admins as owner, check CHANGE). this is needed that the GPO can change the values.
under computer - settings - windows settings - registry, add a reg binary with the name AccessPermission, select HKEY_CLASSES_ROOT as structure, AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} as Path, AccessPermission as Name, REG_BINARY as ValueType and a hex value like 010004804400 (...).

How to get the hex value (or how to do this all without GPO, for instance if you use images to deploy windows you can use this):

use one windows 7 pc, open registry editor, navigate to KEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}, change the permissions of the key to have admin as owner and give him full access (incl. sub keys)
start dcomcnfg (or use control panel),navigate to component services computer - workplace - dcom config, find the object CElevateWlanUi and change the Access permissions to what you like (defaults to system, interactive and self, remove interactive and self, and/or add domain admins or users who should be able to see the wlan key) and test.

after this, you will find this access list in the registry under KEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} in the reg_binary AccessPermission.
export the key, it will look like:
"AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\
00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,00,00,\

remove the line breaks (\), remove the comma, so that you have a single number like 010004804400005400... , this is the value that you need for the GPO

you could also only change the access rights to the key as mentioned above to prevent TrustedInstaller from accessing it, but since the AccessPermission is exactly what the name says, i find this better and it can be easily reversed.
My System SpecsSystem Spec
11 Jan 2011   #9
BernardSeven

Win7 Pro, AD, ...
 
 

Quote   Quote: Originally Posted by steffen0815 View Post
Hi,

thanks for the greatful solution. It works.
Do you know the registrykey for the button to export the wlan-profil (see the attached picture).
Because the user is able to export the wlan profil to usb-stick and can import the profile to another pc.
The biggest problem of the export to usb-stick, there will be create a file on the stick with the name "wsettings.txt" . In this file the user can read the wlan security key in uncrypted charakters. This is realy a security leck.

I hope someone have a solution for this problem.

Thanks
I have found the regitry key which prevent user from exporting to Flash-Usb,
it is HKEY_CLASS_ROOT\AppID\{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}

If you do the same operation than above (modifying authorizations), it works. And the user can always add a new wifi profile (for example at home)
It tooks me a lot of time but I found it!

And overall, Happy New Year!
My System SpecsSystem Spec
24 Mar 2011   #10
suzyhawk

windows 7 32 bit
 
 

I cannot find where to do the following. I am in the GPO but don't see the path listed. (policies - windows - security - policies - registry) Thanks!

for the Checkbox, it can also be done with GPO. Create a new GPO, add a value under computer - policies - windows - security - policies - registry and name it CLASSES_ROOT\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}. configure this key, say replace settings for all sub keys, and change the security of the value to enable admin access (set admin or local admins as owner, check CHANGE). this is needed that the GPO can change the values.
under computer - settings - windows settings - registry, add a reg binary with the name AccessPermission, select HKEY_CLASSES_ROOT as structure, AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} as Path, AccessPermission as Name, REG_BINARY as ValueType and a hex value like 010004804400 (...).
My System SpecsSystem Spec
Reply

 Any way to mask or hide WiFi keys?




Thread Tools




Similar help and support threads
Thread Forum
Getting the brightness / wifi on-off / volume keys to work
I recently got a new laptop and replaced the preinstalled Windows 8 with Windows 7. Unfortunately, the special options to the function keys (wifi on/off, brightness, change volume, change multiscreen mode, etc.) don't work. Does anybody know of a way to fix that?
Hardware & Devices
How do you tell where the subnet mask is located?
I have a subnet mask of 255.255.248.0 and i would like to know where it is located in the world. Thanks.
General Discussion
Why is my subnet mask 255.255.248.0?
http://s14.postimage.org/fd9nl4xi7/Capture.jpg As shown in the screen shot above, I have my router settings set for a subnet mask of 255.255.255.0 and DHCP Range of 192.168.1.100 - 192.168.1.149 which is default I believe, I haven't changed either setting the only thing I changed is in the Port...
Network & Sharing
Get's Hot In This Mask
Darn, you know it gets so hot in this mask I have to take it off once in a while just to get some fresh carbon monoxide. Anyway, I thought this would be a good chance for me to show everyone just how handsome I really am so here goes: There, not so bad eh? Heh, where'd everybody go. Hello....
Chillout Room
Hide SSID on Microsoft Virtual WiFi Miniport Adapter?
I have an access point created using the Microsoft Virtual WiFi Miniport Adapter (using an Alfa 1w usb wifi adapter and connectify.me) and I am wondering if it is possible to not broadcast the SSID? How would I go about doing that?
Network & Sharing
any way to hide multiple wifi networks
where i live, there are 3 wifi networks one mine and other 2 neighbors, i want to hide neigbors networks, so that other users on my system dont see the neighbor wifi networks. neighbors wifi network dont require authentication to join the network.
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:01.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App