Hello,
We are looking to disable or even hide a guest network that appears on our organization's MacBooks. What is the best way to achieve this?
Solved
Disable Guest Networks: Mac
+3Best answer by Hugonaut
you could add this command to a script & run a policy at every check in from jamf - or create a launchagent that runs it however often you want
run an ifconfig to confirm the interface for your device, example below displays en1
networksetup -removepreferredwirelessnetwork en1 "SSID NAME TO REMOVE HERE"this will at least remove it from an end users list, off the cuff can't recall a command to remove them from the wireless without first removing the ssid from the list & turning wifi off and on so they reconnect to a different known network. <-- if that were to occur & the end user realized it was only when they were on that guest network I bet they wouldn't connect again though!
will look for the command when I get a chance if nobody else posts a better alternative.
+15you could add this command to a script & run a policy at every check in from jamf - or create a launchagent that runs it however often you want
run an ifconfig to confirm the interface for your device, example below displays en1
networksetup -removepreferredwirelessnetwork en1 "SSID NAME TO REMOVE HERE"this will at least remove it from an end users list, off the cuff can't recall a command to remove them from the wireless without first removing the ssid from the list & turning wifi off and on so they reconnect to a different known network. <-- if that were to occur & the end user realized it was only when they were on that guest network I bet they wouldn't connect again though!
will look for the command when I get a chance if nobody else posts a better alternative.
+10We also use the above command. However, for our newer Airs we use en0,we have some older MacBooks that require us to use en1. I have 2 policies, one for each type of machine to make sure I get them all.
+3Thank you guys for the input, very helpful. Is this command used to remove it as a preferred network or will it hide it from the users? The problem we are having is, when users select the guest network, their wireless security profile changes and it creates a mess of networking issues.
+9You could deploy a profile that ADDs the network, but give it the wrong password. Also I uncheck the “join automatically” box.
+15
Anyone know of a script that can :
A) Detect which port is Wi-Fi (ie en0, en1, en2)
B) For that enX port, check If the enterprise SSID has been added, then can both set the order and delete other the name of other pre-determined unwanted SSID's.
C) If the enterprise SSID is not there, then don't remove any others.
+25@jhalvorson This script allows you to specify priority for specific SSIDs but doesn't delete any. I've had a report it doesn't work in Catalina, but I no longer work in an environment where I can use the script so I haven't looked to see if there's a solution for that.
#!/usr/bin/python
# As written, this requires the following:
# - OS X 10.6+ (has been reported working through 10.12.3)
# - python 2.6 or 2.7 (for collections.namedtuple usage, should be fine as default python in 10.6 is 2.6)
# - pyObjC (as such, recommended to be used with native OS X python install)
# Run with root
import objc, ctypes.util, os.path, collections
from Foundation import NSOrderedSet
# List of preferred SSIDs in priority order - edit/add/delete as needed
PreferredSSIDs = ["SSID_1", "SSID_2", "SSID_3"]
def load_objc_framework(framework_name):
# Utility function that loads a Framework bundle and creates a namedtuple where the attributes are the loaded classes from the Framework bundle
loaded_classes = dict()
framework_bundle = objc.loadBundle(framework_name, bundle_path=os.path.dirname(ctypes.util.find_library(framework_name)), module_globals=loaded_classes)
return collections.namedtuple('AttributedFramework', loaded_classes.keys())(**loaded_classes)
# Load the CoreWLAN.framework (10.6+)
CoreWLAN = load_objc_framework('CoreWLAN')
# Load all available wifi interfaces
interfaces = dict()
for i in CoreWLAN.CWInterface.interfaceNames():
interfaces[i] = CoreWLAN.CWInterface.interfaceWithName_(i)
# Repeat the configuration with every wifi interface
for i in interfaces.keys():
# Grab a mutable copy of this interface's configuration
configuration_copy = CoreWLAN.CWMutableConfiguration.alloc().initWithConfiguration_(interfaces[i].configuration())
# Find all the preferred/remembered network profiles
profiles = list(configuration_copy.networkProfiles())
# Grab all the SSIDs, in order
SSIDs = [x.ssid() for x in profiles]
# Loop through PreferredSSIDs list in reverse order sorting each entry to the front of profiles array so it
# ends up sorted with PreferredSSIDs as the first items.
# Order is preserved for other SSIDs, example where PreferredSSIDs is [ssid3, ssid4]:
# Original: [ssid1, ssid2, ssid3, ssid4]
# New order: [ssid3, ssid4, ssid1, ssid2]
for aSSID in reversed(PreferredSSIDs):
profiles.sort(key=lambda x: x.ssid() == aSSID, reverse=True)
# Now we have to update the mutable configuration
# First convert it back to a NSOrderedSet
profile_set = NSOrderedSet.orderedSetWithArray_(profiles)
# Then set/overwrite the configuration copy's networkProfiles
configuration_copy.setNetworkProfiles_(profile_set)
# Then update the network interface configuration
result = interfaces[i].commitConfiguration_authorization_error_(configuration_copy, None, None)Is there any harm in creating a policy with Files and Processes>Execute Command that removes the unwanted SSID from both en0 and en1? that way I don't have to create separate policies for different models. example below
networksetup -removepreferredwirelessnetwork en0 "SSID NAME TO REMOVE HERE" ; networksetup -removepreferredwirelessnetwork en1 "SSID NAME TO REMOVE HERE"Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.