Zoom7000 Posted August 20, 2009 Share Posted August 20, 2009 I need to connect 50 laptops to a wireless access point with a 26 character WEP key. Is it possible to put the details in a .reg file and deploy this way? Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/ Share on other sites More sharing options...
Owen W Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 I need to connect 50 laptops to a wireless access point with a 26 character WEP key. Is it possible to put the details in a .reg file and deploy this way? Are said laptops on a domain? I wouldn't use WEP/WPA in this case. It is insecure and not recommended to store the password on the PC's themselves. If you're using a domain, setup a RADIUS server, that way it's server based and automatic. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466220 Share on other sites More sharing options...
Zoom7000 Posted August 20, 2009 Author Share Posted August 20, 2009 I agree with you in principle. However, the problem there is that we've already setup 100s of other laptops in this way! We never envisaged a school full of laptops not desktops! So, as nice as it would be to get a RADIUS server setup, at the moment we need to stick to WEP/WPA until we can plan in time to reconfigure the rest! Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466252 Share on other sites More sharing options...
+BudMan MVC Posted August 20, 2009 MVC Share Posted August 20, 2009 Yeah wep is pretty much pointless. But as pointed out if the boxes are members of a domain -- just use say wpa - enterprise and have the users auth with their own passwords to your wireless network. windows server comes with IAS http://www.microsoft.com/downloads/details...;displaylang=en Windows Server 2003 Internet Authentication Service (IAS) Operations Guide http://technet.microsoft.com/en-us/network/bb643123.aspx Internet Authentication Service Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy in Windows Server 2003. As a RADIUS server, IAS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, IAS forwards authentication and accounting messages to other RADIUS servers. In Windows Server 2008, IAS has been replaced with Network Policy Server (NPS). edit: Just because you have setup 100s the wrong way already, does not mean you can not correct the problem now vs just adding more laptops to the problem. edti2: but to import/export import wireless profiles you can use netsh here http://www.kreslavsky.com/2009/05/import-w...p-or-vista.html Import Wireless Settings Profile on Windows XP or Vista Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466262 Share on other sites More sharing options...
Owen W Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 I agree with you in principle. However, the problem there is that we've already setup 100s of other laptops in this way! We never envisaged a school full of laptops not desktops! So, as nice as it would be to get a RADIUS server setup, at the moment we need to stick to WEP/WPA until we can plan in time to reconfigure the rest! I forsee many security issues with using WEP/WPA and ISA/RADIUS is the best way to go. I work for a school myself, and we manage around 300 PCs and 200 laptops (1500 Users) and we've deployed RADIUS swiftly and successfully - on both PC's and laptops. In the long run, it will make it faster for you, and it can be rolled out to the existing laptops straight away without needing interaction through domain policy. There is no reason not to choose this option! All you need to do is set the RADIUS up, apply the appropriate permissions to the groups you already have and then update your GPO's. It's just that simple. The PC's, when in range will automatically connect and authenticate making your job easier, and security much higher. Security with WEP/WPA being used locally is problematic, as students can retrieve the passwords and use their own mobile devices to run rampant on any device they like, where as with RADIUS this problem does not exist. edit: Just because you have setup 100s the wrong way already, does not mean you can not correct the problem now vs just adding more laptops to the problem.edti2: but to import/export import wireless profiles you can use netsh here http://www.kreslavsky.com/2009/05/import-w...p-or-vista.html Import Wireless Settings Profile on Windows XP or Vista Pretty much, i agree. Don't create a bigger headache for yourself in the longrun Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466306 Share on other sites More sharing options...
sc302 Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 You don't want to use WEP in a school enviornment, with potential "hackers" on the network as you stated in a previous post. they can get other users passwords, which can give them access to their documents. and if your teachers and also admin are on wep that is a potential danger to them as well. Get them off wep. that is your new project for August before school starts, forget the imaging thing and buy a solution, you can show that you don't have enough time to invest in it and you can show them that the time you have outweighs the cost and the need. Now you put that in a report to hand to Technology Manager of the school and you will have what you want, I am sure of it. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466330 Share on other sites More sharing options...
Owen W Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 You don't want to use WEP in a school enviornment, with potential "hackers" on the network as you stated in a previous post. they can get other users passwords, which can give them access to their documents. and if your teachers and also admin are on wep that is a potential danger to them as well. Get them off wep. that is your new project for August before school starts, forget the imaging thing and buy a solution, you can show that you don't have enough time to invest in it and you can show them that the cost outweighs the time that you have to spend on it. Imaging is fine, if you use RADIUS. I agree with everything else, WEP (and even WPA) is dangerous if stored locally and can just let students wreak havoc on your network. Students like doing this too. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466340 Share on other sites More sharing options...
Zoom7000 Posted August 20, 2009 Author Share Posted August 20, 2009 OK guys, you have convinced me. I will look up setting up a RADIUS, or as BudMan mentioned, an IAS server. We are running Server 2003 here. One question I wanted to ask in relation to IAS is whether it will clash with our Internet filter proxy in anyway. We have an Internet filter which the PCs are routed through via Internet Explorer's proxy settings (deployed by GPO). Will IAS clash with this or is it entirely separate? Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466408 Share on other sites More sharing options...
+BudMan MVC Posted August 20, 2009 MVC Share Posted August 20, 2009 No completely different -- has nothing to do with your internet filter.. IAS is microsofts RADIUS server is all. "Internet Authentication Service (IAS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server" Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466478 Share on other sites More sharing options...
Zoom7000 Posted August 20, 2009 Author Share Posted August 20, 2009 Thanks, I'll give it a go! Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466578 Share on other sites More sharing options...
sc302 Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 Imaging is fine, if you use RADIUS. I agree with everything else, WEP (and even WPA) is dangerous if stored locally and can just let students wreak havoc on your network. Students like doing this too. He has another issue in the windows section working with patching and imaging. I think getting this resolved is more important. I think he should concentrate on getting this working 100% before investing time in the imaging issue. If it comes down to it he can put a nice little request together showing that this is going to take more time to get right and to purchase a solution that would take care of his imaging issue. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466686 Share on other sites More sharing options...
+BudMan MVC Posted August 20, 2009 MVC Share Posted August 20, 2009 You don't really need to purchase anything to do imaging. If he is a windows shop, there are tools from MS to be able to manage deployment of machines, and also maintain their patch levels, etc. sysprep http://support.microsoft.com/kb/302577 How to use the Sysprep tool to automate successful deployment of Windows XP for vista http://technet.microsoft.com/en-us/library...28WS.10%29.aspx Windows Vista Deployment Step-by-Step Guide This document provides instructions for implementing a basic image-based deployment of Microsoft? Windows Vista? operating system. Patching http://technet.microsoft.com/en-us/wsus/default.aspx Microsoft Windows Server Update Services Sure he can always purchase a solution that could make his life easier, etc. But not having the budget is not always an excuse for making your life easier with the tools that are out there and fully supported, etc. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591466802 Share on other sites More sharing options...
sc302 Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 why do I bother sometimes. just about everything that you just wrote was covered in his other post. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467052 Share on other sites More sharing options...
+BudMan MVC Posted August 20, 2009 MVC Share Posted August 20, 2009 sc302 what are you talking about? I don't see any other post that gives info on how he could accomplish imaging and patching.. I just provided links to the free resources that are available for this. Which was a response to your statement "to purchase a solution that would take care of his imaging issue. " is there some other thread where he is asking about imaging? If so then yes my responses would be better off in that thread. edit: I just looked for the OP topics -- and the only thing I see about imaging was a request for him about free imaging software that I responded to back in may. So Im at a loss to your facepalm?? which was in response to your purchase comment is all. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467150 Share on other sites More sharing options...
sc302 Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 Go into windows section and look in the issue with locking the keyboard and mouse. In there it was covered. I'd post a link but I am driving. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467190 Share on other sites More sharing options...
+BudMan MVC Posted August 20, 2009 MVC Share Posted August 20, 2009 Ok I see his post about he is already using wsus and ris.. I had not read that thread, sorry ;) And my links for him (did not know he already used them) and any other user that might find this thread, etc. Again its was directly related to your purchase suggestion, just pointing out other FREE options is all, etc. Not sure it was due a facepalm, and btw you should not be texting while driving ;) Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467254 Share on other sites More sharing options...
sc302 Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 Lol Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467316 Share on other sites More sharing options...
sc302 Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 Sometimes it is better to make your job easier with technology than to make life difficult trying to figure technology out. It may cost more monetarily, but it will take less man hours to deploy and figure out (not in all cases) and end up costing less in the long run (man hours time spent figuring it out vs cost of product and deployment). Everything has a cost, it just is a matter of how to justify one or the other. Sure you are paying me one way or another, but doing x takes me away from doing y and z. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467412 Share on other sites More sharing options...
+BudMan MVC Posted August 20, 2009 MVC Share Posted August 20, 2009 Agree completely! nothing is free ;) Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467736 Share on other sites More sharing options...
Zoom7000 Posted August 20, 2009 Author Share Posted August 20, 2009 sc302, you are mixing up both my threads! :p With regards to the keyboard/mouse locking question, it was purely to trial newer advanced methods of imaging. The reason I don't "Ghost/Altris/PING" or any other form of disk image is because of the vast range of different hardware we have. Acer, Dell, HP, Asus etc. From when I started my job, I learnt how to create unattended installations from MSFN and I amended it to fit RIS installations. I prefer installing from a CD base as opposed to a Sysprep'd disk image for ease of creation and saving disk space. Also, with this method I can have 1 universal image that works on most of the hardware we have. The reason for exploring the possibility of inital domain admin logon was to allow integration of DriverPacks rather than having to have loads of drivers in $OEM$ folders. For DriverPacks to work correctly, they have a "finisher" mode that runs on first logon via RunOnceEx. Obviously you don't have an initial logon with RIS which is why I was trying to explore the different possibilities (i.e. Locking keyboard and mouse whilst the Administrator account runs all it's scripts.) As for the deploying of WEP/WPA keys, it was merely to save typing in loads of keys. Obviously a RADIUS server is a much better option and something I wasn't aware of. And also, trying to work around time constraints and also having to set up an IAS server not having done one before will take time reading and planning. However, it is obviously the better option. I have managed to secure my PCs as much as possible. Kids can't run ANY applications other than the ones that I allow (usually in Program Files) and no more portable applications. Yes the WEP is an issue, but it was something I had not got round to sorting out, as yet! Hope that clears up the confusions! Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467846 Share on other sites More sharing options...
sc302 Veteran Posted August 20, 2009 Veteran Share Posted August 20, 2009 (edited) you should really look at the links i provided in your other thread, which allows for imaging across multiple hardware platforms (1 image for a mix of hardware) as well as deploying at a schedule, deploying without intervention at a pc, and patch/install/application management. The only reason that I brought this in here was that installing, configuring, testing, and deploying a radius server is not going to be done in a day. You should take 1 project at a time. I am just trying to help make your admin job easier, but if you like doing things the hard way, trying to figure out every nitpicky detail, so be it. I have given you a solution in your other thread, you can figure out how to incorporate it as well as trying to figure out how to install and properly configure a microsoft radius server (not as easy as install the option and run with it). http://www.microsoft.com/downloads/details...;displaylang=en enjoy and good luck, let us know when you get stuck. Edited August 20, 2009 by sc302 Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591467922 Share on other sites More sharing options...
agreenbhm Posted August 22, 2009 Share Posted August 22, 2009 This is something to keep in mind for setting up IAS. Don't you NEED to have a PKI setup to use RADIUS with Windows? I tried to set RADIUS up at work but it would never authenticate properly, and later I was told I needed a PKI, although I never saw this documented anywhere. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591476980 Share on other sites More sharing options...
sc302 Veteran Posted August 22, 2009 Veteran Share Posted August 22, 2009 read the doc that I posted above your reply. tells you how to set it up, step by step. Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591478328 Share on other sites More sharing options...
ZZzzzzzZZZZZ Posted August 22, 2009 Share Posted August 22, 2009 Only way I know of is if you have identical compyters/laptops, create a image of a system that is connected to your network. Save the WPA settings and set as automatically Now copy the cloned image onto the other computers DONE :) Link to comment https://www.neowin.net/forum/topic/814076-deploy-wepwpa-settings-via-registry/#findComment-591478766 Share on other sites More sharing options...
Recommended Posts