Skip to main content
ForgetItNet
ForgetItNet
Explorer II
August 28, 2025
Question

Push Pre-Shared key via GPO

  • August 28, 2025
  • 5 replies
  • 1421 views

Hi all,

 

We don't have EMS and I've managed to push out a new IPSEC connection to the machines via group policy but obviously as the pre-shared key is encrypted it then creates a random one on each machine so has anyone found a way to do this using group policy at all. We are using the free VPN from Fortinet and not the Windows native one.

Thanks

5 replies

funkylicious
SuperUser
funkylicious
SuperUser
August 28, 2025

you might try and do a import of xml configuration from a existing working one via cli ( script it ) of the VPN Profile with the necessary settings

"jack of all trades, master of none"
ForgetItNet
ForgetItNetAuthor
Explorer II
August 28, 2025

I saw someone else say that but is this the "backup" config you mean (as that comes out as a .conf file) and then convert that to an XML or is there a way to export it as an XML to begin with?

ForgetItNet
ForgetItNetAuthor
Explorer II
August 28, 2025

Got it, that's imported the settings but they key is still wrong... there is a "preshared_key" line on the XML with a long string starting ENCx and then \preshared_key at the end but it doesn't look as though i can just put the pre-shared key in here instead unless i'm adding it wrong on here ?

funkylicious
SuperUser
funkylicious
SuperUser
August 28, 2025

it means that its encrypted, the FortiClient will pass on the correct/cleartext one if it was typed correctly, to the FortiGate.

"jack of all trades, master of none"
ForgetItNet
ForgetItNetAuthor
Explorer II
August 28, 2025

When you say "pass on" do you mean that i should be able to put it in the XML and import it or do you mean if I then manually edit the connection within FortiClient AFTER it's imported ?

Thanks

dougb84
dougb84
New Member
February 1, 2026

Has anyone been able to do this? I am struggled to push the preshared key via GPO.

Terms & ConditionsAccessibility statement