Offering WIFI profiles as a “GPO preference”
WIFI profiles can be configured very easily by using Group Policies. However, using GPOs to set WIFI settings limits the user in defining his own preference. A setting like “Auto connect to this network when in range” is set by the system administrator and cannot be unset by a user.
http://www.itexperience.net/wp-content/uploads/2014/03/image_thumb.png
To avoid this problem, I was thinking about a “WIFI offering”. A computer should be provisioned by the right WIFI settings to connect to that SSID. However, if a user wants to modify the setting to its own desires, he should be able to to this. In addition, I also wanted to have the WIFI profile recreated in case the user accidentally deleted the profile.
The solution for this scenario is much easier than I thought, but I think it’s still useful to blog :)
1. First, we need to configure the “recommended” WIFI settings on a Windows 7 laptop. You can do this in the Network and Sharing Center. To quickly open the Network and Sharing center, enter the following command in a command prompt:
control.exe /name Microsoft.NetworkAndSharingCenter
2. After having the WIFI connection configured as desired, you should export these settings to an XML-file, using the netsh command. Type the following command in a command prompt:
netsh wlan export profile my-first-wifi folder=c:\temp\
3. The netsh command above has now created a Wireless-Network-Connection-my-first-wifi.xml file in C:\Temp . Save this file to a network location that is accessible to all domain computers. For example your NETLOGON directory
4. Next, we need to create a batch file (my_first_wifi.bat) with the following commands:
netsh wlan show profiles | find /i "my-first-wifi"
**
if errorlevel 1 (netsh wlan add profile filename="\contoso.com\netlogon\Wireless-Network-Connection-my-first-wifi.xml" user=all
)**
This command will first check whether “my-first-wifi” exists. If it does exist (“if errorlevel 0”), do nothing. If the WIFI profile “my-first-wifi” does not exist (“if error level 1”), it creates the profile with “netsh wlan add profile …”
Adjust the filename and path to your corresponding location.
Save this batch file to the same folder as your xml file (the file that you copied to a network location in step 3)
5. Now since you have created the BATCH file and have exported the XML file with WIFI settings, the only thing you need to do is run the batch-script at computer startup. I prefer doing this in the Computer Configuration of a Group Policy in “Windows Settings –> Scripts (StartUp/Shutdown)”, but configuring at “Administrative Templates –> System –> Scripts” will do fine too.
And we’re done! Steps above will:
- supply new domain computers with a pre-configured WIFI profile
- allow users to modify the profile in their own needs
- re-create the profile in case a user accidentally deletes the profile
- allow Service Desk to quickly help a user “repairing the WIFI profile”: simply delete the wireless configuration and restart the computer!