Help

Comprehensive SSID purging from Macs

AVmcclint
Honored Contributor

Posted on ‎05-27-2016 05:57 AM

Related to this discussion https://jamfnation.jamfsoftware.com/discussion.html?id=19092 but a little more specific to our needs:

We have our company WiFi that is joined by 802.1x and AD certificates via Configuration Policy pushed by JSS. Many laptop users will connect to dozens of other networks throughout their journeys. This list of "Preferred Networks" the computers remember can get quite long. One user had over 100 SSIDs! Having a lot of preferred networks can cause network connectivity weirdness. Purging all the non-company SSIDs will usually stabilize the connection. The problem was that I couldn't find a way to programmatically delete everything EXCEPT the company WiFi from the list... until now. Using the networksetup command to delete ALL SSIDs isn't a good idea because it disconnects the user and because we're using 802.1x tied to AD certs, it gets quite difficult for users to reconnect. 

#!/bin/bash

# SSIDS is the full list of every SSID the computer has in Preferred Networks
# CURRENTSSID is for whatever network the computer happens to be on at the
# time of running the script because we don't want to delete their current connection.

SSIDS=$(networksetup -listpreferredwirelessnetworks "en0" | sed '1d')
CURRENTSSID=$(networksetup -getairportnetwork "en0" | sed 's/^Current Wi-Fi Network: //')

# if you have other specific SSIDs you never want to delete, you could add them as additional elif $SSID == "whatever" lines below

while read -r SSID; do
  if [ "$SSID" == "Your Company Inc secure WiFi" ]; then 
    echo Skipping $SSID
  elif [ "$SSID" == "$CURRENTSSID" ]; then
    echo Skipping your current network $SSID
  else
    echo Deleting $SSID
    networksetup -removepreferredwirelessnetwork "en0" "$SSID"
  fi
done <<< "$SSIDS"

echo Done!

I uploaded the script to JSS and created a Self Service policy for users to run as needed. it seems to do a good job and has been tested under OSX 10.10.5 and 10.11.5. Fortunately all our Macs have the WiFi on "en0". If your Macs' WiFi is something other than en0, you may have to adjust the script accordingly.

Reply
2 REPLIES 2

davidacland
Honored Contributor II

Posted on ‎05-27-2016 07:45 AM

Oh dear, I just checked my Mac with the networksetup -listpreferredwirelessnetworks "en0" command and I've got 160.

Thanks for the script!

0 Kudos
Reply

stevewood
Honored Contributor II
Honored Contributor II

Posted on ‎05-27-2016 07:55 AM

Great idea. The only problem I have with this script, and I guess using it as a SS script and informing the users of such, is the removal of end-user's home wifi networks. Alerting them to this, and the fact that they'll need to re-add those networks after running this script is a solution to that.

Also, you can script the detection of the wifi port so you are not hard coding to "en0". These two snippets should suffice:

WIFI=$(/usr/sbin/networksetup -listnetworkserviceorder | /usr/bin/awk -F'\) ' '/Wi-Fi/ { printf $2 }')
wifiPort=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`
Reply