Posted on 12-16-2020 05:34 AM
Hello,
Per an Info-Sec request I'm looking for a path to disable the ability to create Ad-Hoc Wi-Fi networks. Maybe this is scriptable. I'm not sure. Any suggestions would be appreciated.
Posted on 12-16-2020 10:02 PM
It's scriptable, but one thing is that in order to really block it, users cannot be local admins. A local admin can still create an adhoc network, since they are admins and have a lot of control.
As long as the end users of the Macs aren't admins, you can run this command to set the preferences to only allow admins to create them.
sudo /System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport prefs RequireAdminIBSS=YES
If you push this via Jamf then obviously drop the sudo since that's not needed.
IBSS
is the term for adhoc networks (Independent Basic Service Set), so in the above, we're using the airport
binary to set the prefs
to RequireAdminIBSS
to YES
If you want, you can just run the command ending with prefs
to see the current preferences before changing anything. You'll see RequireAdminIBSS=NO
in the list if it hasn't been already set. Then run the full command above, and then run it with just prefs again to see the change.
You should of course test this by logging into a standard account and trying to create a network. It should prompt you for admin credentials.
Hope that helps.