Use a custom policy to create a Wi-Fi profile with a pre-shared key

Applies to: Intune in the classic console
Looking for documentation about Intune on Azure? Go here.

Here's how to use Intune's Custom Configuration to create a Wi-Fi profile with a pre-shared key. This topic also has an example of how to create an EAP-based Wi-Fi profile.

Note
  • You might find it easier to copy the code from a computer that connects to that network, as described below.
  • For Android, you also have the option of using this Android PSK Generator provided by Johnathon Biersack.
  • You can add multiple networks and keys by adding more OMA-URI settings.
  • For iOS, use Apple Configurator on a Mac station to set up the profile. Alternatively, use this iOS PSK Mobile Config Generator provided by Johnathon Biersack.

  1. To create a Wi-Fi profile with a pre-shared key for Android or Windows, or an EAP-based Wi-Fi profile, choose Custom Configuration for that device platform (rather than a Wi-Fi profile) when you create the policy.

  2. Provide a name and description.

  3. Add a new OMA-URI setting:

    a. Enter a name for this Wi-Fi network setting.

    b. Enter a description of the OMA-URI setting or leave blank.

    c. Data Type: Set to "String(XML)"

    d. OMA-URI:

    • For Android: ./Vendor/MSFT/WiFi/Profile/<SSID>/Settings
    • For Windows: ./Vendor/MSFT/WiFi/Profile/MyNetwork/WlanXml
    Note

    Be sure to include the dot character at the beginning.

    SSID is the SSID for which you're creating the policy. For example, ./Vendor/MSFT/WiFi/Profile/Hotspot-1/Settings

    e. Value Field is where you paste your XML code. Here's an example. Each value should be adapted to your network settings. See the comments section of the code for some pointers.

  4. Choose OK, save, and then deploy the policy.

    Note

    This policy can only be deployed to user groups.

The next time each device checks in, the policy will be applied, and a Wi-Fi profile will be created on the device. The device will be able to connect to the network automatically.

Android or Windows Wi-Fi profile

Here's an example of the XML code for an Android or Windows Wi-Fi profile:

Important

<protected>false</protected> must be set to false, as true could cause the device to expect an encrypted password and then try to decrypt it, which may result in a failed connection.

<hex>53534944</hex> should be set to the hexadecimal value of <name><SSID of wifi profile></name>. Windows 10 devices may return a false 0x87D1FDE8 Remediation failed error, but will still be provisioned with the profile.

    <!--
    <Name of wifi profile> = Name of profile
    <SSID of wifi profile> = Plain text of SSID. Does not need to be escaped, could be <name>Your Company's Network</name>
    <nonBroadcast><true/false></nonBroadcast>
    <Type of authentication> = Type of authentication used by the network, such as WPA2PSK.
    <Type of encryption> = Type of encryption used by the network
    <protected>false</protected> do not change this value, as true could cause the device to expect an encrypted password and then try to decrypt it, which may result in a failed connection.
    <password> = Password to connect to the network (the <keyMaterial> value, MyPassword in this example)
    <hex>53534944</hex> should be set to the hexadecimal value of <name><SSID of wifi profile></name>
    -->
    <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
      <name><Name of wifi profile></name>
      <SSIDConfig>
        <SSID>
          <hex>53534944</hex>
          <name><SSID of wifi profile></name>
        </SSID>
        <nonBroadcast>false</nonBroadcast>
      </SSIDConfig>
      <connectionType>ESS</connectionType>
      <connectionMode>auto</connectionMode>
      <autoSwitch>false</autoSwitch>
      <MSM>
        <security>
          <authEncryption>
            <authentication><Type of authentication></authentication>
            <encryption><Type of encryption></encryption>
            <useOneX>false</useOneX>
          </authEncryption>
          <sharedKey>
            <keyType>networkKey</keyType>
            <protected>false</protected>
            <keyMaterial>MyPassword</keyMaterial>
          </sharedKey>
          <keyIndex>0</keyIndex>
        </security>
      </MSM>
    </WLANProfile>

EAP-based Wi-Fi profile

Here's an example of the XML code for an EAP-based Wi-Fi profile:

    <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
      <name>testcert</name>
      <SSIDConfig>
        <SSID>
          <hex>7465737463657274</hex>
          <name>testcert</name>
        </SSID>
        <nonBroadcast>true</nonBroadcast>
      </SSIDConfig>
      <connectionType>ESS</connectionType>
      <connectionMode>auto</connectionMode>
      <autoSwitch>false</autoSwitch>
      <MSM>
        <security>
          <authEncryption>
            <authentication>WPA2</authentication>
            <encryption>AES</encryption>
            <useOneX>true</useOneX>
            <FIPSMode xmlns="http://www.microsoft.com/networking/WLAN/profile/v2">false</FIPSMode>
          </authEncryption>
          <PMKCacheMode>disabled</PMKCacheMode>
          <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
            <cacheUserData>false</cacheUserData>
            <authMode>user</authMode>
            <EAPConfig>
              <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                <EapMethod>
                  <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
                  <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
                  <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
                  <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
                </EapMethod>
                <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
                  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
                    <Type>13</Type>
                    <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
                      <CredentialsSource>
                        <CertificateStore>
                          <SimpleCertSelection>true</SimpleCertSelection>
                        </CertificateStore>
                      </CredentialsSource>
                      <ServerValidation>
                        <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
                        <ServerNames></ServerNames>
                      </ServerValidation>
                      <DifferentUsername>false</DifferentUsername>
                      <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation>
                      <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName>
                      <TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
                        <FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3">
                          <AllPurposeEnabled>true</AllPurposeEnabled>
                          <CAHashList Enabled="true">
                            <IssuerHash>75 f5 06 9c a4 12 0e 9b db bc a1 d9 9d d0 f0 75 fa 3b b8 78 </IssuerHash>
                          </CAHashList>
                          <EKUMapping>
                            <EKUMap>
                              <EKUName>Client Authentication</EKUName>
                              <EKUOID>1.3.6.1.5.5.7.3.2</EKUOID>
                            </EKUMap>
                          </EKUMapping>
                          <ClientAuthEKUList Enabled="true"/>
                          <AnyPurposeEKUList Enabled="false">
                            <EKUMapInList>
                              <EKUName>Client Authentication</EKUName>
                            </EKUMapInList>
                          </AnyPurposeEKUList>
                        </FilteringInfo>
                      </TLSExtensions>
                    </EapType>
                  </Eap>
                </Config>
              </EapHostConfig>
            </EAPConfig>
          </OneX>
        </security>
      </MSM>
    </WLANProfile>
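
An added example (not part of the original article or of Microsoft's tooling): a Python check to run on the XML before pasting it into the Value field. It covers both profiles above: it confirms that `<hex>` matches the SSID `<name>`, reports the state of `<protected>`, and flags an EAP-TLS profile whose `PerformServerValidation` is `false` (as in the EAP example), where the client does not check the authentication server's certificate. The sample profile, function names and finding texts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

W = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
TLS_V2 = "http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"

# Constructed sample in the shape of the PSK template above (not a real network).
# The template's <hex> value was left in place while the SSID name was changed.
SAMPLE_PSK = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>Hotspot-1</name>
  <SSIDConfig><SSID><hex>53534944</hex><name>Hotspot-1</name></SSID></SSIDConfig>
  <MSM><security><sharedKey>
    <keyType>networkKey</keyType><protected>false</protected>
    <keyMaterial>MyPassword</keyMaterial>
  </sharedKey></security></MSM>
</WLANProfile>"""


def ssid_hex(ssid):
    """Hex string of the SSID's bytes, the value the <hex> element must hold."""
    return ssid.encode("utf-8").hex().upper()


def lint_wlan_profile(xml_text):
    """Return a list of findings for one WLANProfile document."""
    root = ET.fromstring(xml_text)
    findings = []
    name = root.findtext("w:SSIDConfig/w:SSID/w:name", namespaces=W)
    hex_value = root.findtext("w:SSIDConfig/w:SSID/w:hex", namespaces=W)
    if name and hex_value and hex_value.strip().upper() != ssid_hex(name):
        findings.append(f"hex is {hex_value.strip()}, expected {ssid_hex(name)} for {name!r}")
    shared = root.find("w:MSM/w:security/w:sharedKey", W)
    if shared is not None:
        protected = (shared.findtext("w:protected", namespaces=W) or "").strip().lower()
        if protected == "false":
            findings.append("keyMaterial is a plaintext key: store and share this XML as a secret")
        else:
            findings.append("protected is not false: the device will expect an encrypted key")
    validation = root.find(f".//{{{TLS_V2}}}PerformServerValidation")
    if validation is not None and (validation.text or "").strip().lower() == "false":
        findings.append("PerformServerValidation is false: server certificate is not checked")
    return findings


if __name__ == "__main__":
    for finding in lint_wlan_profile(SAMPLE_PSK):
        print(finding)
```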

Create the XML file from an existing Wi-Fi connection

You can also create an XML file from an existing Wi-Fi connection:

  1. On a computer that is connected to or has recently connected to the wireless network, open the following folder: C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\{guid}.

    It's best to use a computer that has not connected to many wireless networks, because you'll have to search through each profile to find the right one.

  2. Search through the XML files to locate the one with the right name.
  3. After you have located the correct XML file, copy and paste the XML code into the Data field of the OMA-URI settings page.
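
An added example (not from the original article): a Python helper for step 2 that walks the profile folder, matches on the profile `<name>`, and reports each match's `<protected>` value so you can see whether the copied XML already meets the `false` requirement stated earlier. The function names and the demo files are constructed for illustration; the demo runs against a temporary folder, not the real Wlansvc directory.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

W = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}


def find_profiles(interfaces_dir, wanted_name):
    """Return (path, protected) for every profile XML whose <name> matches."""
    matches = []
    for path in sorted(Path(interfaces_dir).rglob("*.xml")):
        try:
            root = ET.parse(str(path)).getroot()
        except ET.ParseError:
            continue  # damaged or non-XML file: skip it
        if (root.findtext("w:name", namespaces=W) or "").strip() != wanted_name:
            continue
        protected = root.findtext(
            "w:MSM/w:security/w:sharedKey/w:protected", namespaces=W)
        matches.append((path, protected))
    return matches


def write_constructed_profiles(folder):
    """Create constructed profile files for the demo (not real networks)."""
    template = ('<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">'
                "<name>{n}</name><MSM><security><sharedKey><protected>{p}</protected>"
                "</sharedKey></security></MSM></WLANProfile>")
    iface = Path(folder) / "constructed-interface-guid"
    iface.mkdir()
    (iface / "a.xml").write_text(template.format(n="Guest", p="false"), encoding="utf-8")
    (iface / "b.xml").write_text(template.format(n="MyNetwork", p="true"), encoding="utf-8")
    (iface / "c.xml").write_text("<WLANProfile", encoding="utf-8")  # truncated file


def demo():
    """Search a constructed folder; return (file name, protected) pairs."""
    with tempfile.TemporaryDirectory() as folder:
        write_constructed_profiles(folder)
        return [(p.name, prot) for p, prot in find_profiles(folder, "MyNetwork")]


if __name__ == "__main__":
    print(demo())
```

On a Windows computer, pass the Interfaces folder named in step 1 as `interfaces_dir`.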

Deploy the policy

  1. In the Policy workspace, select the policy that you want to deploy, and then choose Manage Deployment.

  2. In the Manage Deployment dialog box:

    • To deploy the policy - Select one or more groups to which you want to deploy the policy, and then choose Add > OK.

    • To close the dialog box without deploying it - Choose Cancel.

When you select a deployed policy, you can view more information about the deployment in the lower part of the policies list.

See also

Wi-Fi connections in Microsoft Intune
