Configuring WPA2 PEAP-MS-CHAP Wireless Settings

stylez2k3 · May 16, 2007

Hi,

I saw a reference to auto-it while trying to do research in a clean/scalable method of mass configuration of WPA2 PEAP-MS-CHAP Wireless configuration specifically on Windows XP/Vista. We're looking for a simple approach for students to use and would be as efficient as possible. I know that MS has some recommendations from GPO deployment to WPS but we have a special setup with our network that both of those would not be possible and would equate to more complicated setups. I was wondering if anyone had done or know of any GUI/Script that can auto configure wireless access cards with WPA2 settings. I'm knew to this application and I'm trying to see if this solution would be the best since it says that a GUI can be compiled and that would be the easiest for students to launch to configure their card to use our wireless securely. Thank you for your time in advanced.

-Will

tAKTelapis · May 16, 2007

Stylez,

Most of the windows wireless settings are held in the systems registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Wireless

(should hold what you need)

Take a Cleanly setup machine, configure the wireless, and export that key.

You should be able to merge those details with the registry of another machine (perhaps restart) and it should have the details required to connect.

Hope this helps

/tAK

stylez2k3 · May 16, 2007

Stylez,
Most of the windows wireless settings are held in the systems registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Wireless
(should hold what you need)
Take a Cleanly setup machine, configure the wireless, and export that key.
You should be able to merge those details with the registry of another machine (perhaps restart) and it should have the details required to connect.
Hope this helps
/tAK

So basically we're just updating the registry keys, in both XP/Vista? I just hope this method doesn't conflict with any settings that clients may have on their machine. I still would like to try to find a method of automating configuration through a script of some sort. Though thanks for your option, I'll give that a try and see how that works out.

stylez2k3 · May 17, 2007

So basically we're just updating the registry keys, in both XP/Vista? I just hope this method doesn't conflict with any settings that clients may have on their machine. I still would like to try to find a method of automating configuration through a script of some sort. Though thanks for your option, I'll give that a try and see how that works out.

So no one has ever seen any simple script that I could customize to configure and deploy WPA2 settings for wireless on windows XP or Vista? This can't be, I've read so much about AutoIt and it's capabilities, but still very new to this program/language. There aren't any sample scripts that people have seen or used before that I could build on?

PsaltyDS · May 17, 2007

So no one has ever seen any simple script that I could customize to configure and deploy WPA2 settings for wireless on windows XP or Vista? This can't be, I've read so much about AutoIt and it's capabilities, but still very new to this program/language. There aren't any sample scripts that people have seen or used before that I could build on?

[rant]

The issue is not the relative power of AutoIt. It can only be compared with other scripting languages, after all. Would it be possible in Perl? Can you find examples in VBScript? Javascript?

A lot of the settings you are referring to have been hidden behind proprietary vendor-specific drivers and interfaces. Pick the top four or five WiFi hardware vendors you are seeing and ask their tech support about enterprise deployment options. They don't want you scripting it yourself. They want you to buy it from them.

You are an evil pirate subverting their revenue stream...

AutoIt can run programs, if you know which program to run.

AutoIt can pass commandline switches, if you know which switches to provide.

AutoIt can access COM objects, if you know which ones to use from which provider.

AutoIt can access .dll calls, if you know which .dll to use.

AutoIt can edit the registry, if you know which keys.

AutoIt can operate window controls, if you know which windows and controls.

AutoIt can automate web page operations, if you know which web page.

etc., etc., etc...

The problem is that the program, command line, switches, COM provider, .dll, registry keys, windows, controls, and web pages are different from vendor to vendor, and from one version of Windows to another.

If someone does manage to write a script that works (I agree some must have), it will only work with their specific hardware, drivers, Windows version, and WAP setup. I'm on a WiFi link right now, and there are no wireless keys in my registry where stylez2k3 said they would be. Surely there are on stylez2k3's computer, but not on mine with my hardware, Windows version, and WiFi config.

So, now what?

Pick the most common OS and WiFi hardware you are seeing. Carefully document how you set it up manually and everything you can find out about it (.exe used, registry settings changed, setup window that must be automated) and we can help you script THAT.

Don't forget to ask the vendor about their view of automated configuration options. Some will help, some will try to sell you an expensive "Enterprise WiFi Management Platform", and some will simply ignore you. They will all agree that if you would force all students to only buy THEIR STUFF, your task would be much easier! It's called lock-in, and hidden configuration is part of enforcing it (at least to some vendors).

Then move on to the next most common config, and the next. You very well might start finding things they have in common, and you'll already have those parts scripted from previous attempts. Rinse, and repeat...

[/rant]

This is why they pay you the big bucks!

herewasplato · May 17, 2007

...mass configuration of WPA2 PEAP-MS-CHAP Wireless configuration specifically on Windows XP/Vista...

A search of the forum for WPA2 lead me to here:

http://www.autoitscript.com/forum/index.ph...st&p=293049

See if you can modify that to suit your needs.

stylez2k3 · May 17, 2007

A search of the forum for WPA2 lead me to here:
http://www.autoitscript.com/forum/index.ph...st&p=293049

See if you can modify that to suit your needs.

Hi, Thanks for all your input. Though some may not know but we're using the default wireless client on windows for both XP/Vista. My original goal was again, to verify that student machines have the WPA2 hotfix, from there it would be scripted to our wireless APs with our name and configure the following settings:

SSID: name-xx

Authentication: WPA2

IEEE802xEnabled: TRUE

EAPType: PEAP

InnerAuthentication: MSCHAPv2

UseWindowsLoginInfo: FALSE

The link that was posted and the one I have found has gotten to the point of opening the Wireless Network Connection Properties where you can select perferred network. I can't find out how to select the specific network based on a common word and then click on properties, to continue configuring the rest of the setup. Here is what I have so far, which is how far the other poster had:

; Setting the advanced setting in Network Properties
Run(@ComSpec & " /c " & 'ncpa.cpl', "C:\WINDOWS\system32\dllcache", @SW_HIDE)
sleep (1000)

WinWait ( 'Network Connections' )
if NOT WinActive ( 'Network Connections', '' ) then
    WinActivate ( 'Network Connections' )
endif
WinWaitActive ( 'Network Connections' )
;sleep ( 1000 )
Send ( 'wireless' )
;sleep ( 1000 )
send ('{Appskey}')
;sleep ( 1000 )
send ( 'r' )
;sleep (1000)

WinWait ( 'Wireless Network Connection Properties', 'Connect using:' )
if NOT WinActive ( 'Wireless Network Connection Properties', 'Connect using:' ) then
    WinActivate ( 'Wireless Network Connection Properties', 'Connect using:' )
endif
WinWaitActive ( 'Wireless Network Connection Properties', 'Connect using:' )
sleep ( 1000 )
Send ( '+{Tab}' )
sleep ( 1000 )
send ( '+{Tab}' )
sleep ( 1000 )
send ('{Right}' )
sleep (1000)

WinWait ( 'Wireless Network Connection Properties', 'Wireless Networks' )
if NOT WinActive ( 'Wireless Network Connection Properties', 'Wireless Networks' ) then
    WinActivate ( 'Wireless Network Connection Properties', 'Wireless Networks' )
endif
WinWaitActive ( 'Wireless Network Connection Properties', 'Wireless Networks' )
sleep ( 1000 )

After this it should be in a tab where it's given some choices of perferred networks, and i just need to highlet our network AP with a common name and then click on "Properties".

Once in the "AP properties", I'll be at the Association tabl I have 2 drop down boxes:

Network Authentication: WPA2

Data encryption: AES

I need to make sure those drop down boxes verify those settings

Then, moving to the next tab "Authentication"

There is one drop down box:

EAP type: Protected EAP (PEAP)

I need to have this verified to be set and then click on properties box

Once in Properties Page, there is 1 drop down menu:

Select Authentication Method:

Secured password (EAP-MSCHAP v2) and then click on configure

This is the LAST step, from configure, i need to uncheck the box, there's only one option

Click okay on all the previous pages until you get back to the beginning.

I'm pretty new to autoit and i'm trying to learn but haven't gotten to far with this. I also have to make one for Vista.

If anyone could take the time to help me with this project, that would be great.

Edited May 17, 2007 by stylez2k3

herewasplato · May 18, 2007

See if this script gives you any ideas on "...how to select the specific network based on a common word and then click on properties,..." http://www.autoitscript.com/forum/index.ph...st&p=327420 The first part of that script selects the connection named Wireless Network Connection via ControlListView() - the same might work locating "the specific network". [i cannot test that right now.]

...After this it should be in a tab where it's given some choices of perferred networks, and i just need to highlet our network AP with a common name and then click on "Properties"...

Let's solve one or two things at a time: the scripting method used in the script that I referenced above should show you most (but not all) of what you will need to complete your script. One thing that you might want to consider is - a student could have disabled the "Wireless Zero Configuration" service either manually or via some third party wireless card driver - in which case, your "tab of interest" will not be present (at least not in XP). So, you might want to research checking the status of that service.

Also, check out the ControlCommand for TabRight since you want to automate the OS GUI to change these settings.

...hope this helps...

stylez2k3 · May 18, 2007

See if this script gives you any ideas on "...how to select the specific network based on a common word and then click on properties,..." http://www.autoitscript.com/forum/index.ph...st&p=327420 The first part of that script selects the connection named Wireless Network Connection via ControlListView() - the same might work locating "the specific network". [i cannot test that right now.]

Let's solve one or two things at a time: the scripting method used in the script that I referenced above should show you most (but not all) of what you will need to complete your script. One thing that you might want to consider is - a student could have disabled the "Wireless Zero Configuration" service either manually or via some third party wireless card driver - in which case, your "tab of interest" will not be present (at least not in XP). So, you might want to research checking the status of that service.

Also, check out the ControlCommand for TabRight since you want to automate the OS GUI to change these settings.

...hope this helps...

Yea I think theres a pretty high learning curve on learning this new API. I'll try to look at some more examples and try to figure it out. I'm actually looking into some other utilities : secureW2 or Aruba WiFi Config.

Though if anyone has seen a complete script that can help me with this that would be great as well.

kracor · October 6, 2007

Stylez2k3,

I'm sure it's a bit late for this one, but you could try this script I was just able to finish. It ain't too pretty, but it works!

Bruce

WiFiAutoConfig.zip

OmarOrn · November 1, 2008

Hi

i found a tool that that is an exe and you can import and export an custimize to all your needs :mellow:

ENGL Zwlancfg 2.0

so then it wuld be alot easier to customize a simple example wuld be something like this

#include <Process.au3>
Run(@ComSpec & " /c " & @ScriptDir & "\setup\zwlancfg.exe /ssid:""ssid-name"" /ct:""ESS"" /mode:""auto"" /auth:""WPA2"" /encrypt:""TKIP"" /ieee8021x:""true"" /authmode:""user"" _ /eap:""PEAP","",@SW_HIDE)

Paulexander · November 17, 2008

This is a great start, but unfortunately it also requires a Microsoft KB update if you do not already have it (the info to DL and install is on the ZWLANCFG site) but worst of all, it requires a reboot first, effectively clunking up the idea of quickly updating a wireless PW.

Great Find, though - I have been looking for such a utility for ages. None of the freeware sites that I have searched seem to have this one listed.

-P

Hi

i found a tool that that is an exe and you can import and export an custimize to all your needs

ENGL Zwlancfg 2.0

so then it wuld be alot easier to customize a simple example wuld be something like this
#include <Process.au3>
Run(@ComSpec & " /c " & @ScriptDir & "\setup\zwlancfg.exe /ssid:""ssid-name"" /ct:""ESS"" /mode:""auto"" /auth:""WPA2"" /encrypt:""TKIP"" /ieee8021x:""true"" /authmode:""user"" _ /eap:""PEAP","",@SW_HIDE)

tbone106 · February 18, 2009

Yea I think theres a pretty high learning curve on learning this new API. I'll try to look at some more examples and try to figure it out. I'm actually looking into some other utilities : secureW2 or Aruba WiFi Config.
Though if anyone has seen a complete script that can help me with this that would be great as well.

I'm trying to use the script which I think will work great for use, just a few questions on the variables:

For WPA2 Personnel, would the string look like this? or WPA2-PSA ?

$auth = ('WPA2-PER')

Encryption look like this

$encrypt = ('AES-CCMP')

tbone106 · February 18, 2009

I'm trying to use the script which I think will work great for use, just a few questions on the variables:
For WPA2 Personnel, would the string look like this? or WPA2-PSA ?
$auth = ('WPA2-PER')
Encryption look like this
$encrypt = ('AES-CCMP')

I figured out what to use for the variables, the next issue I had was it stop at the networking properties page...

Doppio · April 27, 2009

Take a look at this, http://www.autoitscript.com/forum/index.ph...c=91018&hl=

This is the right approach to doing automatic wireless configuration.

aromo · May 12, 2009

Stylez,
Most of the windows wireless settings are held in the systems registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Wireless
(should hold what you need)
Take a Cleanly setup machine, configure the wireless, and export that key.
You should be able to merge those details with the registry of another machine (perhaps restart) and it should have the details required to connect.
Hope this helps
/tAK

Hi tAK,

Actually the key Wireless does not exist in HKLM\SOFTWARE\Policies\Microsoft\Windows

I'm using Win XP Pro SP2.

Configuring WPA2 PEAP-MS-CHAP Wireless Settings

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members