Hello, we are having a small problem with not being able to remove cached credentials on wlan profiles. If I want to edit the properties of the wireless connection, all settings are greyed out with the message "these settings are managed by your system administrator". However, we have no gpo policy in any way related to wlan profiles. The wireless connection itself is a WPA2-enterprise security type with PEAP authentication (it's a connection to the "eduroam" network, which is a wifi network available in a lot of European universities). If I run "netsh wlan show profiles" (in an elevated cmd window), the eduroam profile is listed as "group policy profile (read only)" and when I try to delete it, I get this message: "You do not have sufficient privileges or the profile "eduroam" on interface "wifi" is a group policy profile. Strangely, if I take the computer out of the domain, it is then possible to edit the settings. I do not have any clue however which gpo could be locking this. You can find a shortened gpresult under this message, as well as the exported wlan profile in xml format. In short, I'd like to know if this might be related to a setting in our domain, or if it is possible that the profile is somehow locked by design (for security reasons) or by the administrators of the eduroam network. Thank you! gpresult: User Configuration Policies Windows Settings Security Settings Public Key Policies/Certificate Services Client - Auto-Enrollment Settings ->Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificates -- Disabled ->Update and manage certificates that use certificate templates from Active Directory --- disabled Internet Explorer Maintenance Browser User Interface/Customized Title Bar Administrative Templates Policy definitions (ADMX files) retrieved from the local machine. Control Panel/Printers As you can see, nothing seems to have anything to do with wlan settings profile xml file: <? xml version = " 1.0 " ?> < WLANProfile xmlns = " http://www.microsoft.com/networking/WLAN/profile/v1 " > < name > eduroam</ name > < SSIDConfig > < SSID > < hex > 656475726F616D</ hex > < name > eduroam</ name > </ SSID > < nonBroadcast > false</ nonBroadcast > </ SSIDConfig > < connectionType > ESS</ connectionType > < connectionMode > auto</ connectionMode > < autoSwitch > false</ autoSwitch > < MSM > < security > < authEncryption > < authentication > WPA2</ authentication > < encryption > AES</ encryption > < useOneX > true</ useOneX > </ authEncryption > < OneX xmlns = " http://www.microsoft.com/networking/OneX/v1 " > < maxAuthFailures > 1</ maxAuthFailures > < authMode > machineOrUser</ authMode > < EAPConfig > < EapHostConfig xmlns = " http://www.microsoft.com/provisioning/EapHostConfig " > < EapMethod > < Type xmlns = " http://www.microsoft.com/provisioning/EapCommon " > 25</ Type > < VendorId xmlns = " http://www.microsoft.com/provisioning/EapCommon " > 0</ VendorId > < VendorType xmlns = " http://www.microsoft.com/provisioning/EapCommon " > 0</ VendorType > < AuthorId xmlns = " http://www.microsoft.com/provisioning/EapCommon " > 0</ AuthorId > </ EapMethod > < Config xmlns = " http://www.microsoft.com/provisioning/EapHostConfig " > < Eap xmlns = " http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1 " > < Type > 25</ Type > < EapType xmlns = " http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1 " > < ServerValidation > < DisableUserPromptForServerValidation > true</ DisableUserPromptForServerValidation > < ServerNames > radius.kuleuven.be</ ServerNames > < TrustedRootCA > 02 fa f3 e2 91 43 54 68 60 78 57 69 4d f5 e4 5b 68 85 18 68 </ TrustedRootCA > < TrustedRootCA > 97 81 79 50 d8 1c 96 70 cc 34 d8 09 cf 79 44 31 36 7e f4 74 </ TrustedRootCA > </ ServerValidation > < FastReconnect > true</ FastReconnect > < InnerEapOptional > false</ InnerEapOptional > < Eap xmlns = " http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1 " > < Type > 26</ Type > < EapType xmlns = " http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1 " > < UseWinLogonCredentials > false</ UseWinLogonCredentials > </ EapType > </ Eap > < EnableQuarantineChecks > false</ EnableQuarantineChecks > < RequireCryptoBinding > false</ RequireCryptoBinding > < PeapExtensions > < PerformServerValidation xmlns = " http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2 " > true</ PerformServerValidation > < AcceptServerName xmlns = " http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2 " > true</ AcceptServerName > </ PeapExtensions > </ EapType > </ Eap > </ Config > </ EapHostConfig > </ EAPConfig > </ OneX > </ security > </ MSM > </ WLANProfile >

Hi, Please check both the server and client sides and see if the following Group Policy setting is configured: Computer Configuration/Windows Settings/Security Settings/Wireless Network (IEEE 802.11) Policies For more information about this Group Policy setting, please refer to: Access Active Directory-based wireless network policies Activate Default Wireless Network (IEEE 802.11) Policies Hope this helps. Thanks. Nicholas Li - MSFT Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, Please check both the server and client sides and see if the following Group Policy setting is configured: Computer Configuration/Windows Settings/Security Settings/Wireless Network (IEEE 802.11) Policies For more information about this Group Policy setting, please refer to: Access Active Directory-based wireless network policies Activate Default Wireless Network (IEEE 802.11) Policies Hope this helps. Thanks. Nicholas Li - MSFT Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.