Change the password for a Wi-Fi profile

Question

In the long-term care hospital where I volunteer, on the first day of every month, the password for the Guest Wi-Fi connection changes. This causes a lot of work for the staff and a lot of frustration for the patients, many of whom have very limited mobility.

(Yes, the real solution is to get the IT team to keep the same password, but that's not going to happen).

Most of the patients connect to the outside world through Windows laptops. I'd like to create a batch script that we can install on their computers that will automatically retrieve the password for the coming month and apply it as soon as it is needed.

I can put next month's Guest password in a file on the hospital's internal network, where it can only be accessed by someone who currently has this month's password, and I can use bitsadmin inside a batch script to retrieve the password to a local file (see below). I can set up a task on each patient's computer to run this script just before the end of the month.

My question is: when last month's password fails at the beginning of the new month, how can I change the password for that network connection from a batch script?

I know that I can use...

netsh wlan show profile name=“INSERT_SSID_HERE” key=clear

... to find the current password, but how can I set it?

---

EDIT: I have found that in Windows Vista and up, the Wi-Fi passphrase is stored in an XML file at C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces[Interface Guid].xml. It appears in the format:

- <sharedKey>
    <keyType>passPhrase</keyType>
    <protected>true</protected>
    <keyMaterial> ** 400+ hexit number ** </keyMaterial>
  </sharedKey>

I am guessing that to change the password, I need to encrypt the new password using the appropriate algorithm and update this XML file. Is there a command that I can use to do this automatically? If not, what encryption algorithm should I use?

A simpler alternative might be to remove the encryption:

    <protected>false</protected>
    <keyMaterial>plainTextPassword</keyMaterial>

However, when I try to relaunch the Wi-Fi connection after rebooting the computer, using an XML file that has been modified this way, the connection fails.

---

A solution which does not require a reboot is preferable.

---

Batch script to retrieve password:

@echo off
setlocal
set file=%~dp0result.txt
bitsadmin /reset
bitsadmin /create /download job
bitsadmin /addfile job http://example.com/password.html %file%
bitsadmin /resume job

timeout 5

bitsadmin /getstate job | find /i "TRANSFERRED" && goto :done
bitsadmin /cancel job
exit /b 1

:done
bitsadmin /complete job
:: results.txt now holds the new password
exit /b 0

Answer 1

Did you try removing and re-adding the profile instead of just changing the content of the XML to use plain password?

I had a similar situation in the past and this is what worked for me:

This answer assumes that you want to keep only the WiFi password on the network instead of a full XML and the SSID of the WiFi is "My Network".

1. Disconnect from the network: netsh wlan disconnect
2. Export the "My Network" profile to somewhere else, e.g. C:\: netsh wlan export profile folder="C:\" name="My Network" key=clear --> this should create C:\Wi-Fi-My Network.xml. The resulting xml file should be similar to the one you see in C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces, but with the <sharedKey> part unprotected (this allows us to only do one replacement on the next step). Obviously, you can also do this by copying the file from the Wlansvc's profile directory, but doing so requires the knowledge of the interface's GUID. Exporting is easier as you only need to know your SSID.
3. In the copied profile, make sure that protected is false, and fill the keyMaterial with the plain password (simple text replacement, should be easy to do with VB or C#, but if you need to do it purely in batch script, see Changing tag data in an XML file using windows batch file)
4. Remove the currently stored profile: netsh wlan delete profile name="My Network"
5. Add back the profile: netsh wlan add profile filename="C:\Wi-Fi-My Network.xml".
   (This will recreate the appropriate file in C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces, with encrypted password.)
6. Connect to the network: netsh wlan connect name="My Network"

If you are okay with storing the full XML, you can also export the profile unencrypted (step 2) and store it in your network drive, then you simply need to do step 1, 4, 5 and 6.

I hope this helps.