Does anyone know if it is possible to add an SSID through jamf (profiles preferably, but even if it's a shell script, that would be fine) without them being added to the keychain? I want to have a secure network for all of our managed devices but not have our employees have the ability to go in to keychain and see what the credentials are.
For reasons that I won't get in to, most of our employees have to have admin accounts unfortunately.
@robby.barnes In short, No.
If they are admins then they can export/view items in the system keychain.
The only way might be to move to some 802.1x authentication, maybe using certs. As there is no password to connect, instead a cert is used. That cert is often issued via another profile.
I can't think of any way to do it that an admin user wouldn't be able to get access to. I was thinking along the lines of a separate keychain to store the credentials but the password used to unlock it would need to live somewhere.
802.1X is probably your best bet.
Alright, that's what I was thinking. Thanks guys
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.