Greetings,In our environment, we have a number of managed laptops that need to be connected to a certain SSID, which is WPA2 personal. These laptops are checked out to faculty/students so giving out the WPA2 Personal password is not an option. Will Windows 7 save the password for this network for all users? Is there a way to add the key via a startup script in Group policy?Thanks in advance.

You should be able to do that with netsh commands in a script...http://technet.microsoft.com/en-us/library/dd744890(WS.10).aspxI can't speak to a group policy simply because I don't live in that type of environment.MS-MVP Windows Desktop Experience, "When all else fails, read the instructions"

XP and Vista saved the WEP and WPA2 keys so I would hope Win 7 also does. If not it's a serious bug I would think.Rich

So if I understand correctly, not all students can go on the wireless network, but only the managed laptops you have are allowed to go on the wireless network? And all laptops connecting to the wireless network are managed by you and are in a domain? Wouldn't it be easier to not have a password on the wireless network, but just only give access to the MAC addresses you manage? I understand it's not very secure as people can spoof their private laptop's MAC address, but I'm pretty sure they can also read the WPA2 key by installing certain tools on the laptops you hand out to them. I think the disadvantage of using a wireless password that is unknown, is that if you ever want to change the password because the security has been breached, you can't. Even if you could push the password through group policy, the laptops cannot connect to the group policy because they cannot connect to the wireless network ;-) Ruud van Strijp - Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP.

this why we have radius 802.1x authentication

this why we have radius 802.1x authentication Exactly, that would be even better. The problem might be though, that it's more complex to set up.Ruud van Strijp - Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP.

this why we have radius 802.1x authentication Exactly, that would be even better. The problem might be though, that it's more complex to set up. Ruud van Strijp - Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP. Exactly. This is what we're going to have to do in the long run

So if I understand correctly, not all students can go on the wireless network, but only the managed laptops you have are allowed to go on the wireless network? And all laptops connecting to the wireless network are managed by you and are in a domain? Wouldn't it be easier to not have a password on the wireless network, but just only give access to the MAC addresses you manage? I understand it's not very secure as people can spoof their private laptop's MAC address, but I'm pretty sure they can also read the WPA2 key by installing certain tools on the laptops you hand out to them. I think the disadvantage of using a wireless password that is unknown, is that if you ever want to change the password because the security has been breached, you can't. Even if you could push the password through group policy, the laptops cannot connect to the group policy because they cannot connect to the wireless network ;-) Ruud van Strijp - Network Infrastructure Design in the Netherlands. MCSE: 70-270, 70-284, 70-290, 70-291, 70-294, 70-297. Cisco: CCNA, CCDA, CCNP, CCDP. Good point, I requested that we just use an access list of mac addresses, but our network guy wants to use WPA2 until he can get radius set up. I would think that if we had to change the password, they would just need to connect to ethernet and the tablet could update to the newer policy?

You should be able to do that with netsh commands in a script...http://technet.microsoft.com/en-us/library/dd744890(WS.10).aspxI can't speak to a group policy simply because I don't live in that type of environment. MS-MVP Windows Desktop Experience, "When all else fails, read the instructions" Thanks