Branners Posted May 4, 2012 Share Posted May 4, 2012 We run a lot of internet stations at work and to avoid changing the WIFI key each month we have a permanent WIFI key running which is put in to the internet stations and then we run Deep Freeze to stop the clients tiddling about with them. However, I realised yesterday that if a client goes in to the network config for the WIFI you can make the WIFI code display the characters. So our super duper never to expire code is now visible to anybody who cares to look. Has anybody worked out a way of stopping this code from being visible? Microsoft have said it is a 'security feature', but everybody else says its a security hole for any company that wants devices on their network without them knowing what the wifi key was. Quote Link to comment Share on other sites More sharing options...
ScottC Posted May 4, 2012 Share Posted May 4, 2012 CJ is your man when it comes to this sort of thing Quote Link to comment Share on other sites More sharing options...
imi Posted May 4, 2012 Share Posted May 4, 2012 best to use an enterprise wlan security solution, using Radius and cycle through keys. Quote Link to comment Share on other sites More sharing options...
Branners Posted May 4, 2012 Author Share Posted May 4, 2012 That would be ideal if we didnt have 300 different clients in each of the 11 venues every day, half of which require a wifi key and require it right there and then. The normal keys are rotating every month which is hard enough to manage, so anything more complex would just fall apart. We also have VLAN specific keys off the same SSID so managing that whole lot is a full time job. There are 2 of us in IT running venues capable of handling upwards of 600 people in some cases. So simplicity is they key. If there's no fix such as disabling the whole wifi settings page then I will just go back to using the monthly key and get the venue to rotate as required. Quote Link to comment Share on other sites More sharing options...
imi Posted May 4, 2012 Share Posted May 4, 2012 perhaps something like zonecd could do the trick. Quote Link to comment Share on other sites More sharing options...
CJ Posted May 5, 2012 Share Posted May 5, 2012 CJ is your man when it comes to this sort of thing Imi seems to have this under control and so i wont step on his toes Quote Link to comment Share on other sites More sharing options...
DamanC Posted May 5, 2012 Share Posted May 5, 2012 Can you just not filter out access via MAC key or is it too much leg work? Quote Link to comment Share on other sites More sharing options...
Branners Posted May 5, 2012 Author Share Posted May 5, 2012 Thanks Daman, That was one of my thoughts. We have around 10 internet PCs and about 10 laptops per venue so it would be 220 MAC addresses. Not impossible to manage but as we turn over laptops quite quickly it might take a bit of managing. I will see if I can just disable the wifi setup via a GP and then they cannot change it or connect to a different wifi network. Quote Link to comment Share on other sites More sharing options...
Wez Posted May 5, 2012 Share Posted May 5, 2012 Looking at a GP or user security to block them accessing the settings would be my first choice, no reason for end users to be poking around in there Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.