Offering WIFI profiles as a “GPO preference” in Windows 7

WIFI profiles can be configured very easily by using Group Policies. However, using GPOs to set WIFI settings limits the user in defining his own preference. A setting like “Auto connect to this network when in range” is set by the system administrator and cannot be unset by a user.

WIFI settings in a GPO

To avoid this problem, I was thinking about a “WIFI offering”. A computer should be provisioned by the right WIFI settings to connect to that SSID. However, if a user wants to modify the setting to its own desires, he should be able to to this. In addition, I also wanted to have the WIFI profile recreated in case the user accidentally deleted the profile.

The solution for this scenario is much easier than I thought, but I think it’s still useful to blog 🙂

1. First, we need to configure the “recommended” WIFI settings on a Windows 7 laptop. You can do this in the Network and Sharing Center. To quickly open the Network and Sharing center, enter the following command in a command prompt:

control.exe /name Microsoft.NetworkAndSharingCenter

2. After having the WIFI connection configured as desired, you should export these settings to an XML-file, using the netsh command. Type the following command in a command prompt:

netsh wlan export profile my-first-wifi folder=c:\

3. The netsh command above has now created a Wireless-Network-Connection-my-first-wifi.xml file in C:\ . Save this file to a network location that is accessible to all domain computers. For example your NETLOGON directory

4. Next, we need to create a batch file with the following commands:

netsh wlan show profiles | find /i "my-first-wifi"
if errorlevel 1 (
netsh wlan add profile filename="\\\netlogon\Wireless-Network-Connection-my-first-wifi.xml" user=all

This command will first check whether “my-first-wifi” exists. If it does exist (“if errorlevel 0”), do nothing. If the WIFI profile “my-first-wifi” does not exist (“if error level 1”), it creates the profile with “netsh wlan add profile …”

5. Now since you have created the BATCH file and have exported the XML file with WIFI settings, the only thing you need to do is run the batch-script at computer startup. I prefer doing this in the Computer Configuration of a Group Policy in “Windows Settings –> Scripts (StartUp/Shutdown)”, but configuring at “Administrative Templates –> System –> Scripts” will do fine too.

And we’re done! Steps above will:

  • supply new domain computers with a pre-configured WIFI profile
  • allow users to modify the profile in their own needs
  • re-create the profile in case a user accidentally deletes the profile
  • allow Service Desk to quickly help a user “repairing the WIFI profile”: simply delete the wireless configuration and restart the computer!
0 0 votes
Article Rating
Notify of
Newest Most Voted
Inline Feedbacks
View all comments
Tom S

This is a logon script, not a Group Policy Preference.


nice writeup, thanks.
i noticed that if you let the user save their credentials and the profile is applied again, the credentials disappear. So it’s important to verify that the profile already exists.

Stuart M

Probably obvious, but if you “simply delete the wireless configuration and restart the computer!” as you suggest then they computer probably won’t be able to get to the netlogon share and therefore won’t reapply the profile!


Very useful article. Thank you. It helped me to deploy wifi profile in organization, and allow people to change “autoconnect” parameter.
Perfect realisation.


Great! Glad it helped you out!


[…] I have not written a step-by-step guide to do this yet, but you may find this blog post about deploying WIFI-profiles with GPO Preference interesting and […]

Would love your thoughts, please comment.x