Ok, so my friend and I managed to lock down the network pretty well with hopes of a more difficult challenge (having succeeded multiple times with WEP and WPA-PSK cracking).
I setup a Server (running server 03) with AD enabled for my machines. I turned on MAC address filtering on my crappy linksys router, with WPA-PSK encryption. However, I had my friend enter the password. I know the password is horribly complex (as the fellow is my IT partner) so a dictionary attack is out of the question. MAC address filtering is easy to get by. I had him also change the login and pass to the router.
Are my only options telnet under an anonymous account?
Or, for the windows side of things, is the saved WPA password associated with the AP in some sort of file that can be A: analyzed or B: decrypted (if encrypted)?
Any suggestions, or leads on a path to search down?