Disable Guest Networks: Mac

gquattro
New Contributor III

Hello,

We are looking to disable or even hide a guest network that appears on our organization's MacBooks. What is the best way to achieve this?

3 ACCEPTED SOLUTIONS

Hugonaut
Valued Contributor II

you could add this command to a script & run a policy at every check in from jamf - or create a launchagent that runs it however often you want

run an ifconfig to confirm the interface for your device, example below displays en1

networksetup -removepreferredwirelessnetwork en1 "SSID NAME TO REMOVE HERE"

this will at least remove it from an end users list, off the cuff can't recall a command to remove them from the wireless without first removing the ssid from the list & turning wifi off and on so they reconnect to a different known network. <-- if that were to occur & the end user realized it was only when they were on that guest network I bet they wouldn't connect again though!

will look for the command when I get a chance if nobody else posts a better alternative.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

View solution in original post

wdpickle
Contributor

We also use the above command. However, for our newer Airs we use en0,we have some older MacBooks that require us to use en1. I have 2 policies, one for each type of machine to make sure I get them all.

View solution in original post

patgmac
Contributor III

You could deploy a profile that ADDs the network, but give it the wrong password. Also I uncheck the “join automatically” box.

View solution in original post

9 REPLIES 9

Hugonaut
Valued Contributor II

you could add this command to a script & run a policy at every check in from jamf - or create a launchagent that runs it however often you want

run an ifconfig to confirm the interface for your device, example below displays en1

networksetup -removepreferredwirelessnetwork en1 "SSID NAME TO REMOVE HERE"

this will at least remove it from an end users list, off the cuff can't recall a command to remove them from the wireless without first removing the ssid from the list & turning wifi off and on so they reconnect to a different known network. <-- if that were to occur & the end user realized it was only when they were on that guest network I bet they wouldn't connect again though!

will look for the command when I get a chance if nobody else posts a better alternative.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

wdpickle
Contributor

We also use the above command. However, for our newer Airs we use en0,we have some older MacBooks that require us to use en1. I have 2 policies, one for each type of machine to make sure I get them all.

gquattro
New Contributor III

Thank you guys for the input, very helpful. Is this command used to remove it as a preferred network or will it hide it from the users? The problem we are having is, when users select the guest network, their wireless security profile changes and it creates a mess of networking issues.

patgmac
Contributor III

You could deploy a profile that ADDs the network, but give it the wrong password. Also I uncheck the “join automatically” box.

gquattro
New Contributor III

Thank you all, I think this is a good start. I will be working with our networking team today!

Hugonaut
Valued Contributor II

@gquattro You're welcome. Hope it helps!

@patgmac That is a great solution. Stored that trick in my back pocket for future usage! Very nice.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________


Virtual MacAdmins Monthly Meetup - First Friday, Every Month

jhalvorson
Valued Contributor

Anyone know of a script that can :
A) Detect which port is Wi-Fi (ie en0, en1, en2)
B) For that enX port, check If the enterprise SSID has been added, then can both set the order and delete other the name of other pre-determined unwanted SSID's.
C) If the enterprise SSID is not there, then don't remove any others.

sdagley
Esteemed Contributor II

@jhalvorson This script allows you to specify priority for specific SSIDs but doesn't delete any. I've had a report it doesn't work in Catalina, but I no longer work in an environment where I can use the script so I haven't looked to see if there's a solution for that.

#!/usr/bin/python

# As written, this requires the following:
# - OS X 10.6+ (has been reported working through 10.12.3)
# - python 2.6 or 2.7 (for collections.namedtuple usage, should be fine as default python in 10.6 is 2.6)
# - pyObjC (as such, recommended to be used with native OS X python install)

# Run with root

import objc, ctypes.util, os.path, collections
from Foundation import NSOrderedSet

# List of preferred SSIDs in priority order - edit/add/delete as needed
PreferredSSIDs = ["SSID_1", "SSID_2", "SSID_3"]

def load_objc_framework(framework_name):
    # Utility function that loads a Framework bundle and creates a namedtuple where the attributes are the loaded classes from the Framework bundle
    loaded_classes = dict()
    framework_bundle = objc.loadBundle(framework_name, bundle_path=os.path.dirname(ctypes.util.find_library(framework_name)), module_globals=loaded_classes)
    return collections.namedtuple('AttributedFramework', loaded_classes.keys())(**loaded_classes)

# Load the CoreWLAN.framework (10.6+)
CoreWLAN = load_objc_framework('CoreWLAN')

# Load all available wifi interfaces
interfaces = dict()
for i in CoreWLAN.CWInterface.interfaceNames():
    interfaces[i] = CoreWLAN.CWInterface.interfaceWithName_(i)

# Repeat the configuration with every wifi interface
for i in interfaces.keys():
    # Grab a mutable copy of this interface's configuration
    configuration_copy = CoreWLAN.CWMutableConfiguration.alloc().initWithConfiguration_(interfaces[i].configuration())
    # Find all the preferred/remembered network profiles
    profiles = list(configuration_copy.networkProfiles())
    # Grab all the SSIDs, in order
    SSIDs = [x.ssid() for x in profiles]
    # Loop through PreferredSSIDs list in reverse order sorting each entry to the front of profiles array so it
    # ends up sorted with PreferredSSIDs as the first items.
    # Order is preserved for other SSIDs, example where PreferredSSIDs is [ssid3, ssid4]:
    #    Original: [ssid1, ssid2, ssid3, ssid4]
    #   New order: [ssid3, ssid4, ssid1, ssid2]
    for aSSID in reversed(PreferredSSIDs):
        profiles.sort(key=lambda x: x.ssid() == aSSID, reverse=True)
    # Now we have to update the mutable configuration
    # First convert it back to a NSOrderedSet
    profile_set = NSOrderedSet.orderedSetWithArray_(profiles)
    # Then set/overwrite the configuration copy's networkProfiles
    configuration_copy.setNetworkProfiles_(profile_set)
    # Then update the network interface configuration
    result = interfaces[i].commitConfiguration_authorization_error_(configuration_copy, None, None)

jlockman
New Contributor II

Is there any harm in creating a policy with Files and Processes>Execute Command that removes the unwanted SSID from both en0 and en1? that way I don't have to create separate policies for different models. example below

networksetup -removepreferredwirelessnetwork en0 "SSID NAME TO REMOVE HERE" ; networksetup -removepreferredwirelessnetwork en1 "SSID NAME TO REMOVE HERE"