- Join Windows 11 to an Active Directory domain - Thu, Jun 1 2023
- Change Windows network profiles between public and private - Wed, May 24 2023
- How to map a network drive with PowerShell - Wed, May 17 2023
If you only want to read the WPA key of the currently connected WLAN, you can do so via the Network and Sharing Center.
Show WiFi passwords
In the Network and Sharing Center, click the WiFi connection. In the Wi-Fi Status dialog box, click the Wireless Properties button, and then switch to the Security tab. By selecting the Show characters checkbox, you can make the password visible.
This procedure works for Windows 10 and 11, but if you want to read the passwords for all saved connections, this method is useless.
Exploring WLAN keys on the command line
In this case, Windows offers only a tool for the command line, namely, netsh.exe. Unlike the GUI, it does not require elevated privileges for extracting saved WPA keys.
With the show parameter, this utility displays only the properties of a single profile. You have to specify its name when invoking it:
netsh wlan show profile name=<SSID> key=clear | findstr /i "SSID key"
Although you can automate the retrieval of all passwords via PowerShell by iterating over all connections, it is easier to use the netsh.exe export function. It writes all the settings of each profile in a separate XML file so that you can then transfer them to another computer:
netsh wlan export profile key=clear folder=.\profiles
In this example, netsh.exe saves the settings of all profiles into the profiles directory. This must exist; it is not created automatically. If you omit the Folder parameter, netsh.exe stores the XML files in the current directory.
You can display the keys with
findstr /i "<keyMaterial" .\profiles\*.xml
In PowerShell, you can extract the keys from the XML files with
select-string -Path .\profiles\*.xml -Pattern "<keyMaterial"
Transfer profiles to another PC
To transfer profiles to another PC, copy the XML files to the target computer, and execute a command like this:
netsh wlan add profile filename="<XML-filename>" user=current
However, this will only allow you to import one profile at a time. If you want to import several profiles at once, you can use a loop in the command prompt:
for %a in (*.xml) do netsh wlan add profile filename="%a"
In PowerShell, the same command looks like this:
Get-ChildItem *.xml | foreach {netsh wlan add profile filename="$_."}
If you omit the key=clear parameter when exporting, the tool will write the encrypted passwords to the XML files. Attempting to import the profile on a different PC will then fail because each computer uses a different key for encryption, and so the target computer won't be able to decrypt the keys.
The above example uses the parameter user=current, so that the profiles are only imported for the currently logged-in user. If you omit it, the import will be done for all accounts.
Another condition for a successful import is, of course, that there is a WLAN interface on the computer. You can verify this with the following:
netsh.exe wlan show interfaces | findstr /i "name"
If you have several of them, you can specify the one for the import using the interface parameter:
netsh wlan add profile filename=MyWi-Fi.xml interface="Wi-Fi"
Alternative methods
If you prefer to use PowerShell instead of the relatively cumbersome netsh.exe utility, you will need an external module.
If you want to avoid the command line altogether, you can use free GUI tools. WirelessKeyView or NetSetMan will get the job done.
Summary
The export function of netsh.exe writes entire Wifi profiles into separate XML files. From there, you can transfer them to another computer, provided you have saved the passwords in plain text.
Subscribe to 4sysops newsletter!
If you only need to view the passwords of individual connections, you can use the netsh.exe show parameter. However, if you want to display the keys of all profiles, then exporting is the simplest method.