you could add this command to a script & run a policy at every check in from jamf - or create a launchagent that runs it however often you want

run an ifconfig to confirm the interface for your device, example below displays en1

networksetup -removepreferredwirelessnetwork en1 "SSID NAME TO REMOVE HERE"

this will at least remove it from an end users list, off the cuff can't recall a command to remove them from the wireless without first removing the ssid from the list & turning wifi off and on so they reconnect to a different known network. <-- if that were to occur & the end user realized it was only when they were on that guest network I bet they wouldn't connect again though!

will look for the command when I get a chance if nobody else posts a better alternative.

We also use the above command. However, for our newer Airs we use en0,we have some older MacBooks that require us to use en1. I have 2 policies, one for each type of machine to make sure I get them all.

Thank you guys for the input, very helpful. Is this command used to remove it as a preferred network or will it hide it from the users? The problem we are having is, when users select the guest network, their wireless security profile changes and it creates a mess of networking issues.

You could deploy a profile that ADDs the network, but give it the wrong password. Also I uncheck the “join automatically” box.

Thank you all, I think this is a good start. I will be working with our networking team today!

@gquattro You're welcome. Hope it helps!

@patgmac That is a great solution. Stored that trick in my back pocket for future usage! Very nice.

Anyone know of a script that can :
A) Detect which port is Wi-Fi (ie en0, en1, en2)
B) For that enX port, check If the enterprise SSID has been added, then can both set the order and delete other the name of other pre-determined unwanted SSID's.
C) If the enterprise SSID is not there, then don't remove any others.

@jhalvorson This script allows you to specify priority for specific SSIDs but doesn't delete any. I've had a report it doesn't work in Catalina, but I no longer work in an environment where I can use the script so I haven't looked to see if there's a solution for that.

#!/usr/bin/python

# As written, this requires the following:
# - OS X 10.6+ (has been reported working through 10.12.3)
# - python 2.6 or 2.7 (for collections.namedtuple usage, should be fine as default python in 10.6 is 2.6)
# - pyObjC (as such, recommended to be used with native OS X python install)

# Run with root

import objc, ctypes.util, os.path, collections
from Foundation import NSOrderedSet

# List of preferred SSIDs in priority order - edit/add/delete as needed
PreferredSSIDs = ["SSID_1", "SSID_2", "SSID_3"]

def load_objc_framework(framework_name):
    # Utility function that loads a Framework bundle and creates a namedtuple where the attributes are the loaded classes from the Framework bundle
    loaded_classes = dict()
    framework_bundle = objc.loadBundle(framework_name, bundle_path=os.path.dirname(ctypes.util.find_library(framework_name)), module_globals=loaded_classes)
    return collections.namedtuple('AttributedFramework', loaded_classes.keys())(**loaded_classes)

# Load the CoreWLAN.framework (10.6+)
CoreWLAN = load_objc_framework('CoreWLAN')

# Load all available wifi interfaces
interfaces = dict()
for i in CoreWLAN.CWInterface.interfaceNames():
    interfaces[i] = CoreWLAN.CWInterface.interfaceWithName_(i)

# Repeat the configuration with every wifi interface
for i in interfaces.keys():
    # Grab a mutable copy of this interface's configuration
    configuration_copy = CoreWLAN.CWMutableConfiguration.alloc().initWithConfiguration_(interfaces[i].configuration())
    # Find all the preferred/remembered network profiles
    profiles = list(configuration_copy.networkProfiles())
    # Grab all the SSIDs, in order
    SSIDs = [x.ssid() for x in profiles]
    # Loop through PreferredSSIDs list in reverse order sorting each entry to the front of profiles array so it
    # ends up sorted with PreferredSSIDs as the first items.
    # Order is preserved for other SSIDs, example where PreferredSSIDs is [ssid3, ssid4]:
    #    Original: [ssid1, ssid2, ssid3, ssid4]
    #   New order: [ssid3, ssid4, ssid1, ssid2]
    for aSSID in reversed(PreferredSSIDs):
        profiles.sort(key=lambda x: x.ssid() == aSSID, reverse=True)
    # Now we have to update the mutable configuration
    # First convert it back to a NSOrderedSet
    profile_set = NSOrderedSet.orderedSetWithArray_(profiles)
    # Then set/overwrite the configuration copy's networkProfiles
    configuration_copy.setNetworkProfiles_(profile_set)
    # Then update the network interface configuration
    result = interfaces[i].commitConfiguration_authorization_error_(configuration_copy, None, None)

Is there any harm in creating a policy with Files and Processes>Execute Command that removes the unwanted SSID from both en0 and en1? that way I don't have to create separate policies for different models. example below

networksetup -removepreferredwirelessnetwork en0 "SSID NAME TO REMOVE HERE" ; networksetup -removepreferredwirelessnetwork en1 "SSID NAME TO REMOVE HERE"