Help

Block public wi-fi networks

mikevos
New Contributor III

Posted on ‎11-20-2015 03:45 AM

Hi All,

Is there a way for the JSS to help me block all public / open wi-fi networks?
We do not want our devices to join them (OS X and iOS).

I have not found it, but maybe you guys can help :).

0 Kudos
Reply
7 REPLIES 7

Johnny_Kim
Contributor II

Posted on ‎11-20-2015 05:09 AM

If the users don't have admin rights on the Mac, you can use the "Require administrator authorization to:" and select the "Change networks" located in Network settings-> Advanced.

26e83067a3f5489096c40f701e4f966c

0 Kudos
Reply

EliasG
Contributor

Posted on ‎11-20-2015 08:14 AM

@Johnny.Kim what would require you to do go through every laptop manually correct?

0 Kudos
Reply

chad_fox
Contributor II

Posted on ‎11-20-2015 08:19 AM

@EliasG you could create a configuration profile and restrict the Network preferences pane. As long as you have a config profile scoped to all the devices to connect to a specific network, this should work fine.

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎11-20-2015 08:21 AM

There's a way to set all those settings with command line options, maybe a way to do the same with a Config profile but I don't know. BTW, just restricting the Network Pref Pane will not be sufficient, because changing wireless networks can be done from the Wi-Fi menubar item if its there.

Let me look up the Terminal commands to set those options and post back. Unless someone beats me to it.

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎11-20-2015 08:55 AM

Ok, found it. Here's a command that will check the box in the Network Preference Pane > Advanced for Wi-Fi labeled

Require administrator authorization to: Change networks
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs RequireAdminNetworkChange=YES

As long as clients are not local admins, once that option is enabled, if they try to switch to another network than what they are configured to join thru a Config Profile, they'll get prompted to enter an admin password, which they won't have (hopefully)

A few other prefs you can set with the airport utility that may be interesting to you are:

RequireAdminIBSS Sets the option on to require admin to create new networks RequireAdminPowerToggle Sets the option on to require admin to turn Wi-Fi on or off

The only thing I'm not clear on is if a reboot is needed or log out/in to have the setting correctly apply. You'll have to experiment with that I guess. I don't know if its possible to have this setting included in a profile.

0 Kudos
Reply

mikevos
New Contributor III

Posted on ‎11-20-2015 09:57 AM

@Johnny.Kim @mm2270 Thanks for the help!

Sorry for not being more clear earlier.
I would still like them to be able to change network to f.e. their home wi-fi (if it has WPA2 protection)
Just not have them connect to any public / open wi-fi networks.

0 Kudos
Reply

EliasG
Contributor

Posted on ‎11-20-2015 10:30 AM

@chad.fox I've tried that, then we run into problems when teachers bring laptops home and can't join home wifi lol.

0 Kudos
Reply