Scripting Windows XP Pre-Shared Keys for WPA PSK wireless networks

With Windows 7 in use across many schools, the netsh command makes doing things with the inbuilt wireless networking stack very easy. However, it’s not that easy with Windows XP. In this article I’m going to show you a very easy way to script your computers to join a wireless network with a pre-shared key.

Now, let me start first by saying that I don’t condone the use of a pre-shared key in a corporate environment such as a school, college or business. Using a pre-shared key will turn out to be an administrative nightmare if you need to change the key (which, being a school, you inevitably will) so I recommend that any network admins reading this first investigate the benefits of implementing RADIUS and check out some products which do this easily, such as Ruckus Wireless.

Regardless, this is something that I needed to do myself a few weeks ago when rolling out a fleet of desktops that were to join a wireless network.

The technical bits, script samples and downloadable files in this article are taken from an article on the Symantec Connect Community website.

In brief:

  1. Download WLAN.ZIP from the Symantec site and extract it to a folder on your PC. Note: By downloading this software, you agree to the terms and conditions in the Altiris End User License Agreement. Support for this download is not provided by Kamazoy.
  2. On a Windows XP SP3 client, join the wireless network and enter the pre-shared key. Note, you must be using the Microsoft Wireless Zero Configuration service for this to work. Using the vendor’s wireless utility won’t do!
  3. Open a command prompt and change to the folder where you extracted the files.
  4. Run wlan.exe ei to enumerate the interfaces in your PC.

    Interface 0:
    GUID: 89762a5d-bc6b-4ac6-8cf3-b0462b2bafef
    Intel(R) PRO/Wireless 3945ABG Network Connection - Teefer2 Miniport
    State: "disconnected"
    Command "ei" completed successfully.

  5. To get the profiles on the interface, run wlan.exe gpl

    Command "gpl" completed successfully.

  6. To extract the profile to XML run the command wlan.exe gp <Name of chosen profile>

    <?xml version="1.0"?>
    <WLANProfile xmlns="">
    <keyMaterial>76A3DEC BA383180E8A18E4E522</keyMaterial>
    Command "gp" completed successfully.

  7. Save the dumped XML to a text file, then take the profile XML and wlan.exe to another computer and run wlan.exe sp. This, however, assumes that the interface GUID is the same on the new computer as it is on the old one.
  8. To deploy this profile on any interface in a PC, use this script written by jaylweb to do the hard work for you.

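    @echo off
    rem Find the wireless interface GUID in the "wlan.exe ei" output.
    echo Grabbing WLAN Interface...
    For /F "skip=2 tokens=1,2" %%A IN ('wlan.exe ei') Do If "%%A"=="GUID:" set Interface=%%B
    rem Apply the saved profile to that interface.
    echo Adding wlan SSID
    wlan.exe sp %Interface% profile.xml
    rem Clear the variable (no space before "=", or a different variable is set).
    set Interface=
    echo SSID: %~n0 has been configured!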

The tricky part will be to get PCs that are not yet on the network to recognise and deploy the new profile. This can be done using a local policy startup script, if you’re about to image the computer for mass deployment.

When you re-image a computer the wireless configuration is removed if it’s a pre-shared key profile, so this procedure will put it back in.

  1. Click Start, click Run, type gpedit.msc and click OK.
  2. In Local Group Policy Editor, click Scripts (Startup/Shutdown). This is located in the Computer Configuration\Windows Settings node.
  3. In the details pane, double-click Startup.
  4. In the Startup Properties dialog box, click Show Files.
  5. Copy the contents of your wlan extraction folder, including the profile, to the folder that appears. Then close the window.
  6. In the Startup Properties dialog box, click Add. In Script Name, type the path to your batch file mentioned above, or click Browse to search for the script file in the directory. Leave Script Parameters blank.
  7. Click OK and close the Local Group Policy Editor. The script will now run silently every time the PC is switched on.
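
A variant of the deployment script suited to running silently at startup, added here as an example (it is not jaylweb's or Symantec's code): it applies the profile to every interface GUID that wlan.exe ei lists and writes the outcome to a log. The log location and the check for a "completed successfully" line in the sp output are assumptions; wlan.exe and profile.xml are expected in the same folder as the script, as copied in step 5.

```batch
@echo off
rem Added example: startup-safe variant of the deployment script above.
rem Assumes wlan.exe and profile.xml sit in the same folder as this file.
setlocal

rem Do not rely on the current directory when run as a startup script:
rem switch to the script's own folder before calling wlan.exe by name.
pushd "%~dp0" || exit /b 2

rem Hypothetical log location, so a silent startup run leaves a trace.
set "LOG=%SystemRoot%\Temp\wlan-deploy.log"
set "OUT=%SystemRoot%\Temp\wlan-deploy.tmp"
echo ==== %DATE% %TIME% %COMPUTERNAME% ====>>"%LOG%"

if not exist wlan.exe (echo wlan.exe missing>>"%LOG%" & popd & exit /b 2)
if not exist profile.xml (echo profile.xml missing>>"%LOG%" & popd & exit /b 2)

set COUNT=0
set FAILED=0
rem Apply the profile to every interface GUID that "wlan.exe ei" lists,
rem not only the last one found.
for /F "tokens=1,2" %%A in ('wlan.exe ei') do (
  if /I "%%A"=="GUID:" (
    set /A COUNT+=1
    wlan.exe sp %%B profile.xml >"%OUT%" 2>&1
    type "%OUT%">>"%LOG%"
    rem Assumption: sp prints the same "completed successfully" line
    rem that the article shows for ei, gpl and gp.
    findstr /C:"completed successfully" "%OUT%" >nul || set /A FAILED+=1
  )
)
del "%OUT%" 2>nul
popd

rem Distinct exit codes: 3 = no interface, 1 = at least one sp failed.
if %COUNT%==0 (echo No wireless interface reported by wlan.exe ei>>"%LOG%" & exit /b 3)
if not %FAILED%==0 (echo %FAILED% of %COUNT% interfaces failed>>"%LOG%" & exit /b 1)
echo Profile applied to %COUNT% interface(s)>>"%LOG%"
exit /b 0
```

A run that finds no GUID line (for example, when Wireless Zero Configuration is not managing the adapter) ends with exit code 3 and a log entry instead of failing silently.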

I hope this helps you. This saved quite a headache for one of the schools we provide support to, and allowed the PC deployment team to avoid having to log in to every PC, join the wireless network, enter the key and log off the computer – all in all, about four man-days!