one of my current projects is to try to hide the WiFi password from the user in any way.
Our setup is: Deploystudio Image and DEP with PreStage Enrollments. The WiFi Setup with all SSIDs come from Casper - 3 different policies. Our students are local administrators on their own machines.
This is why they also can access the keychain.
1st I thought its hidden and not written to the keychain when I use just the Wifi Profile, but unfortunate it will be written to the keychain first time the SSID gets connected.
Is there a way to prevent the password to be written to the keychain? Or is there a way to make the entry unaccessable for the current logged in user but readable for the whatever process activates and connects to the Wifi?
@psliequ cool, oversaw this option. It works quite. But here comes my layciness: There is no option to disallow a specific app. In 9.96 i only can Allow apps, allow folders or disallow folders. I can you build a policy containing all allowed apps and have to modify it maybe if a new app comes in (will be a lot with our BYOD-Macs) or I disallow the Utilities folder. I tested the last solution and figured out: If you copy the keychain app (what is possible even if the launch of apps from Utilities folder is prohibited) to the applications folder you can open the copy.