Solved Any way to mask or hide WiFi keys?

danzero

New member
Local time
3:09 PM
Messages
2
Hi,

I'm starting to deploy Windows 7 in a corporate environment. The problem I've encountered so far is that there's no way to hide the SSID keys. For example, if I configure a laptop for a user, I want to configure the WiFi settings without the person being able to snoop around in the settings and see the WiFi key. This was easy in XP.

I've also looked at Dell ControlPoint utility which is bundled with our new machines. It's doable with the Dell utility, but that thing is pure bloatware and is a pain to use, even for seasoned IT pros.

Thanks for any insight,
danzero
 

My Computer My Computer

At a glance

XP, Win7, 2k3, 2k8, Ubuntu, Mac OS X
OS
XP, Win7, 2k3, 2k8, Ubuntu, Mac OS X
Welcome to Seven Forums!

Are you referring to the SSID itself? Unless the radio utility supports hiding the SSID in the config there's no way to mask it.

As long as you use a good, strong security mechanism like WPA2-PSK or WPA2-Enterprise (802.1x), hiding the SSID won't cause any problems. Even if someone gets the SSID (it's actually pretty easy with wireless sniffing software) it won't really matter. Without the right security they can't connect.

If you're talking about PSK Keys, they should be stored encrypted anyway.
 

My Computer My Computer

At a glance

W7 Ultimate 64bit W7 Premium 64bit W7 Premium...Athlon 64X2 5000+4GBATI X1300
Computer Manufacturer/Model Number
Dell C521
OS
W7 Ultimate 64bit W7 Premium 64bit W7 Premium 32bit WXP Home 32bit
CPU
Athlon 64X2 5000+
Motherboard
Dell
Memory
4GB
Graphics Card(s)
ATI X1300
Sound Card
On Board
Monitor(s) Displays
Dell 19" Flat
Screen Resolution
1280x1024
Hard Drives
500GB Western Digital Caviar Green
Mouse
Microsoft Wireless Intellimouse Explorer 2.0
Internet Speed
SBC DSL - 6Mbps

My Computer My Computer

At a glance

W7 RTM Ultimate x64Intel Q8400 @ 2.66GHZ4GB DDR2-800Gainward GTS 450 GLH 1GB Edition
Computer Manufacturer/Model Number
Custom Build
OS
W7 RTM Ultimate x64
CPU
Intel Q8400 @ 2.66GHZ
Motherboard
Gigabyte GA-EG45M-UD2H
Memory
4GB DDR2-800
Graphics Card(s)
Gainward GTS 450 GLH 1GB Edition
Sound Card
Integrated 8 Channel
Monitor(s) Displays
AOC 23.6 Inch Widescreen LCD
Screen Resolution
1920x1080
Hard Drives
Seagate 500GB Internal
Western Digital 1TB Internal

Hitachi 1TB External
PSU
Apevia Java Power 500W
Case
Cooler Master HAF 922 Black
Cooling
Stock Intel CPU Fan
Keyboard
HP SK-2960 Multimedia Keyboard
Mouse
Logitech M350 Wireless Gaming Mouse
Internet Speed
1.5MB
If this is on the Pro version you may be able to leverage something in Group Policy to disable the option box for hiding the key. I don't have access to a version that would have that ability so I can't point you in that direction.
 

My Computer My Computer

At a glance

Windows 7 Home Premium x64Phenom II X4 955 BE8 GB OCZ BE 1667EVGA GeForce GTX470 SC
Computer Manufacturer/Model Number
Home built
OS
Windows 7 Home Premium x64
CPU
Phenom II X4 955 BE
Motherboard
Asus Sabertooth 990FX
Memory
8 GB OCZ BE 1667
Graphics Card(s)
EVGA GeForce GTX470 SC
Monitor(s) Displays
BenQ 19"
Screen Resolution
1280x1024
Hard Drives
256 GB OCZ Vertex 3 SSD
2x WD 1 TB
1x WD 2 TB
PSU
Thermaltake 850W
Case
Coolermaster Cosmos 1000
Cooling
Air
Keyboard
Logitech
Mouse
Cyborg R.A.T 7
Internet Speed
Standard RR
I looked around the GPE and didn't see anything.

But there's got to be a registry setting somewhere...
 

My Computer My Computer

At a glance

W7 Ultimate 64bit W7 Premium 64bit W7 Premium...Athlon 64X2 5000+4GBATI X1300
Computer Manufacturer/Model Number
Dell C521
OS
W7 Ultimate 64bit W7 Premium 64bit W7 Premium 32bit WXP Home 32bit
CPU
Athlon 64X2 5000+
Motherboard
Dell
Memory
4GB
Graphics Card(s)
ATI X1300
Sound Card
On Board
Monitor(s) Displays
Dell 19" Flat
Screen Resolution
1280x1024
Hard Drives
500GB Western Digital Caviar Green
Mouse
Microsoft Wireless Intellimouse Explorer 2.0
Internet Speed
SBC DSL - 6Mbps
I found a solution not so simple but it works!

Hi!

I have found a solution, which is not very elegant but it works.

The way is to find the key in the registry where you can unlock the viewing of the WIFI Key.

For that, you have to find a Key where the value is "CElevateWlanUi"

In my case, it was in HKEY_CLASSES_ROOT\Appid\{86F80216-5DD6-4F43-953B-35EF40A35AEE}.
Under this key you have 3 values :
  • The first one (default) with the value "CElevateWlanUi"
  • The second one AccessPermission of type Reg_Binary with a binary value (does'nt matter to understand what it means)
  • The third one is called DllSurrogate with a null value.

The way I solved the problem is to setup the authorizations of the main Key {86F80216-5DD6-4F43-953B-35EF40A35AEE} by a right-click, then "autorizations".
After you have to take possession of this key.
I setup the owner as our domain administrator.
For that click on the the button "Advanced" then on the tab "owner" and replace TrustedInstaller by the administrator of my domain.
Then, I came back to the main panel of authorizations of the main key.
I deleted the entry LAP505\administrators and the entry LAP505\domain users, and added the entry for my domain administrator with all rights. (LAP505 is the computer name)
I applied all the modifications.
I repeated the operation for the second occurence of the key :
HKEY_LOCAL_MACHINE\Software\classid\Appid\{86F80216-5DD6-4F43-953B-35EF40A35AEE}

And when I logged on with a user with local admin privileges, I could connect to WIFI network, I could access to the network center but I could'nt unmark the "Hide caracters". It works!

Second point : As my users want also to connect their laptop at home on their box, I checked the possibility to add a WIFI connection and it worked also! The only restriction is that they can't see the key once it is entered (for modification, they have to delete the connection a re-create it.
I hope it will help you!

Best regards.
Bernard (from a country where we are more proud of our national rugby team than our national football team (if you see what I mean ;)...))
 

My Computer My Computer

At a glance

Win7 Pro, AD, ...
OS
Win7 Pro, AD, ...
Hi,

thanks for the greatful solution. It works.
Do you know the registrykey for the button to export the wlan-profil (see the attached picture).
Because the user is able to export the wlan profil to usb-stick and can import the profile to another pc.
The biggest problem of the export to usb-stick, there will be create a file on the stick with the name "wsettings.txt" . In this file the user can read the wlan security key in uncrypted charakters. This is realy a security leck.

I hope someone have a solution for this problem.

Thanks
 

Attachments

  • greenshot_2010-09-01_07-37-01.jpg
    greenshot_2010-09-01_07-37-01.jpg
    24.6 KB · Views: 553

My Computer My Computer

At a glance

Windows 7 Premium 64bit
OS
Windows 7 Premium 64bit
local sec policy / GPO

You can disable the WCN (the button to export the wlan profile) with local security policy or a GPO, there are two settings (translated from german:computer configuration - policies - administrative templates - network - windows connect now), you can deny the access to WCN and you can say what can be configured with WCN , i blocked Flash memory.

for the Checkbox, it can also be done with GPO. Create a new GPO, add a value under computer - policies - windows - security - policies - registry and name it CLASSES_ROOT\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}. configure this key, say replace settings for all sub keys, and change the security of the value to enable admin access (set admin or local admins as owner, check CHANGE). this is needed that the GPO can change the values.
under computer - settings - windows settings - registry, add a reg binary with the name AccessPermission, select HKEY_CLASSES_ROOT as structure, AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} as Path, AccessPermission as Name, REG_BINARY as ValueType and a hex value like 010004804400 (...).

How to get the hex value (or how to do this all without GPO, for instance if you use images to deploy windows you can use this):

use one windows 7 pc, open registry editor, navigate to KEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}, change the permissions of the key to have admin as owner and give him full access (incl. sub keys)
start dcomcnfg (or use control panel),navigate to component services computer - workplace - dcom config, find the object CElevateWlanUi and change the Access permissions to what you like (defaults to system, interactive and self, remove interactive and self, and/or add domain admins or users who should be able to see the wlan key) and test.

after this, you will find this access list in the registry under KEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} in the reg_binary AccessPermission.
export the key, it will look like:
"AccessPermission"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,14,00,\
00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,00,00,\

remove the line breaks (\), remove the comma, so that you have a single number like 010004804400005400... , this is the value that you need for the GPO

you could also only change the access rights to the key as mentioned above to prevent TrustedInstaller from accessing it, but since the AccessPermission is exactly what the name says, i find this better and it can be easily reversed.
 

My Computer My Computer

At a glance

W7 Pro 64
OS
W7 Pro 64
Hi,

thanks for the greatful solution. It works.
Do you know the registrykey for the button to export the wlan-profil (see the attached picture).
Because the user is able to export the wlan profil to usb-stick and can import the profile to another pc.
The biggest problem of the export to usb-stick, there will be create a file on the stick with the name "wsettings.txt" . In this file the user can read the wlan security key in uncrypted charakters. This is realy a security leck.

I hope someone have a solution for this problem.

Thanks

I have found the regitry key which prevent user from exporting to Flash-Usb,
it is HKEY_CLASS_ROOT\AppID\{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}

If you do the same operation than above (modifying authorizations), it works. And the user can always add a new wifi profile (for example at home)
It tooks me a lot of time but I found it!:thumbsup:

And overall, Happy New Year!:party:
 

My Computer My Computer

At a glance

Win7 Pro, AD, ...
OS
Win7 Pro, AD, ...
I cannot find where to do the following. I am in the GPO but don't see the path listed. (policies - windows - security - policies - registry) Thanks!

for the Checkbox, it can also be done with GPO. Create a new GPO, add a value under computer - policies - windows - security - policies - registry and name it CLASSES_ROOT\AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE}. configure this key, say replace settings for all sub keys, and change the security of the value to enable admin access (set admin or local admins as owner, check CHANGE). this is needed that the GPO can change the values.
under computer - settings - windows settings - registry, add a reg binary with the name AccessPermission, select HKEY_CLASSES_ROOT as structure, AppID\{86F80216-5DD6-4F43-953B-35EF40A35AEE} as Path, AccessPermission as Name, REG_BINARY as ValueType and a hex value like 010004804400 (...).
 

My Computer My Computer

At a glance

windows 7 32 bit
OS
windows 7 32 bit
BernardSeven I want to thank you so much for your posts. My son's friend stole our secure key for our internet, when he was on my son's computer and was using our wireless internet, we got a letter for our provider telling us we had acceded the limit and that we might get disconnected. I have spent 2 days trying to figure out how to hide the secure key, and your posts where extremely helpful, and worked great.

Microsoft should hire you. LOL
 

My Computer My Computer

At a glance

Windows 7 Utimate 32bit
OS
Windows 7 Utimate 32bit
Hi! I have found a solution, which is not very elegant but it works.

hi thanks, can u pls send me that by Screen shots images .
 

My Computer My Computer

At a glance

windows7 32bit
OS
windows7 32bit
BernardSeven - I followed your instructions with the exception that I want the local administrator account to be the owner of the 2 keys you indicated. Only our school techs can login with the administrator user. I also deleted the trusted installer - should I not? It still doesn't work for me. If I log in as another local user (although it has admin rights), that check mark still shows the password characters. I was so excited to find something that had worked for others......
 

My Computer My Computer

At a glance

Win7 Pro sp7 32-big
OS
Win7 Pro sp7 32-big
Does this fix still work? I got it to work with the usb stick option but not with "show network security key." thanks
 

My Computer My Computer

At a glance

w7 ult x64
OS
w7 ult x64
Hi

Hi,

I'm starting to deploy Windows 7 in a corporate environment. The problem I've encountered so far is that there's no way to hide the SSID keys. For example, if I configure a laptop for a user, I want to configure the WiFi settings without the person being able to snoop around in the settings and see the WiFi key. This was easy in XP.

I've also looked at Dell ControlPoint utility which is bundled with our new machines. It's doable with the Dell utility, but that thing is pure bloatware and is a pain to use, even for seasoned IT pros.

Thanks for any insight,
danzero
Well if you are concerned about the security of your wireless then we have a solution, if I tell you there is no option to hide it provided by the company but yes we can hide it by some other means as i believe this worked for me you may like it as well this problem came to me when I got wireless at my property then I also felt the requirement to hide the wireless key and eventually I spent a long time searching for the solution but i couldn't find but I found an alternative I hope you are also going to take help from it and going to appreciate
Hide wireless network key


If you require some more security option then you can check these links also
How can I secure my wireless network?
 

My Computer My Computer

At a glance

windows 7 enterprise 32
OS
windows 7 enterprise 32
Well if you are concerned about the security of your wireless then we have a solution, if I tell you there is no option to hide it provided by the company but yes we can hide it by some other means as i believe this worked for me you may like it as well this problem came to me when I got wireless at my property then I also felt the requirement to hide the wireless key and eventually I spent a long time searching for the solution but i couldn't find but I found an alternative I hope you are also going to take help from it and going to appreciate
Hide wireless network key


If you require some more security option then you can check these links also
How can I secure my wireless network?
 

My Computer My Computer

At a glance

windows 7 enterprise 32
OS
windows 7 enterprise 32

My Computer My Computer

At a glance

windows 7 enterprise 32
OS
windows 7 enterprise 32
easy_way

hello mr.
plz follow these simple step..

1. download "windows 7 system tray hider" and install it...after installation, a box will came out on your screen.. plz click on their button.you will find automatically your OS hide system tray(your desktop right bottom part) where anyone can check your wi-fi password.

2. but this is not enough because a well known person can also check your wi-fi password after accessing "control panel > network sharing centre. so to lock control panel(only possible in windows 7 ultimate & professional) go to start search bar write "gpedit.msc" plz open it.A new window will open u can check there is a "Administrator template" open it ..now 5 or 6 new forms will open at right side ...open control panel ..you will find that in bottom there is form "prohibited access control panel" open it and the last step after open.. in a new page OS will ask to select one option out of three option plz select "Enabled" option ..apply it.

now you can check there is no option to access to control panel and task manager(system tray) enjoy bro...and i think this is the simplest way to lock.

and to unlock these things repeat these step vice versa .:hot:
 

My Computer My Computer

At a glance

windows 7 ultimate 32 bit
OS
windows 7 ultimate 32 bit
Back
Top