Jamf Nation Community

I can see this coming in hand with some students using their phones as hotspots for our school.

I do have one issue that seems to be coming up with this section:

Asset=`nvram asset-tag | awk '{print $2}'` #this is where I have stored the Asset Tag Info

It is giving me this error when I attempt to run the script:

bash-3.2$ Asset=nvram asset-tag | awk '{print $2}' #this is where I have stored the Asset Tag Info nvram: Error getting variable - 'asset-tag': (iokit/common) data was not found

Thanks @stevewood. I figured it out after I viewed it again.

@jjones That part references a variable in nvram where I used to store the devices asset tag to make it persistent after imaging. This was part of the "Other Discussion"

After looking at the unfinished nature of my original script. I found a little time and updated my original script to simplify the option and work on the updated macOS available. This script is ready to go. Just create a valid Launchd action and run the following:

#!/bin/bash

# Monitor and Manage WiFi Networks                      
# Del Brown                                  
# 11/21/16                                
# delonline@icloud.com                     
#                                                            
# Begin Variable Definitions
#Replace WIFINAME with your school WiFi.  Leaving it empty will disconnect from any network.

WifiWhitelist="WIFINAME"

# End of Variable Definitions

# Begin Function Declarations
connect ()
{

for SchoolNetwork in $WifiWhitelist
    do
        #loop through whitelist and connect to whitelisted network found
        echo " Available Network ""$SchoolNetwork"
        networksetup -setairportnetwork en0 "$SchoolNetwork" &>/dev/null
    done
}

disconnect ()
{
echo "Time to disconnect"
# send disconnect command to en0
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -z
#exit 1
}

onSchoolNetwork ()
{
# test to see if the school network has been joined.  You can either use the networksetup command or the airport utility for this

MyWifi=`networksetup -getairportnetwork en0 | awk '{print $4}'`
#MyWifi=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport --getinfo | grep " SSID" | awk '{print $2}'`

# Call the disconnect function if a network outside of school is joined
for AllowedID in $WifiWhitelist
    do
        if [ "$AllowedID" == "$MyWifi" ]
            then # Asset is on the school network
            echo "I am connected to the School Network ""$AllowedID"
            exit 1  
        fi
    done

echo "Device is not connected to School Network so disconnect and reconnect to the school"
disconnect
connect
exit
}


atSchool ()
{
WifiAvailable=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -s | awk '{print $1}'`
# test to see if the Asset is at school by scanning for school networks and see if one is the school
for ScannedNetworks in $WifiAvailable
    do
        for SchoolNetwork in $WifiWhitelist
            do
                if [ "$SchoolNetwork" == "$ScannedNetworks" ]
                    then
                        AssetAtSchool="Yes"
                        echo "The Device is at school"
                        return
                fi
            done
    done
AssetAtSchool="No"
echo "asset is not at school so we don't care and we'll exit"
exit
}

# End Function Declarations

#########################

#program starts here
atSchool
onSchoolNetwork

@delbrown Thanks! You just saved me some work.

OK, @delbrown , this looks exactly like what I need, but my complete lack of scripting knowledge is making this a challenge. I'd love some help if you have time! I get that I have to change the Wifi whitelist name to our student network name, but after that, I have no idea what pieces to copy, what pieces I need to edit...I've successfully pushed out some really basic scripts via Casper Remote, like the one that requires them to authenticate with admin credentials to turn off the wifi, but that was a one-line script I just had to copy/paste. :)

@lizmowens If you look at the original post by @delbrown at the top of this thread, you'll see that he shows both the .sh script that manages the WiFi settings (although the one you want to use is further down in the thread) and the .plist LaunchAgent that will trigger the script when the AirPort preferences file changes. You need to modify those for your environment and then create a package in Composer you can deploy to your student machines.

Search on Jamf Nation for LaunchAgent to find info on that topic.

You may also find this site useful: lauchd info

This is a very useful app for dealing with LaunchAgents/LaunchDaemons: LaunchControl

Thanks! amazing script, any ideas how can I modify the script if my SSID have a whitespace? e.g "STUDENT WIFI"
I tried to use or just but it doesn't seem to work

@j.tanudjaja I'm working on the same issue. I've made the following changes:
WifiDevice=$(networksetup -listnetworkserviceorder | grep 'Wi-Fi' | grep 'Device' | cut -d ":" -f3 | rev | cut -c 2- | rev | awk '{$2=$2}$1')
MyWifi=$(networksetup -getairportnetwork $WifiDevice | cut -d ":" -f2 | awk '{$2=$2}$1')
This gets the currently connected SSID. I need WifiDevice as some computers use en0 while others use en1.

WifiAvailable=$("/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport" -s | cut -d ":" -f1 | cut -d ")" -f2 | awk '{$2=$2}$1' | rev | cut -c 4- | rev | sort | uniq)
This gets a list of SSIDs and removes leading/trailing spaces and duplicates.

As we have multiple SSIDs, with spaces, that devices can connect to I'm looking into using an array for the WifiWhitelist. Should just need a change in the atSchool () function to work.

I've made modifications to Del Brown's script to support spaces in the SSIDs. Next is to force connection to a saved network profile while at school but that can wait for now.

#! /bin/bash
#########################################################################
#                                                                       #
#                           manage wifi networks                        #
#                                                                       #
#                                                                       #
#                                                                       #
#                             Del Brown                                 #
#                               2011                                    #
#                          delbrown@me.com                              #
#                                                                       #
#                                                                       #
#                                                                       #
#                                                                       #
#                                                                       #
#########################################################################
# Modified to support SSIDs with spaces BMull   10-Dec-2019

# Define Variables Here
# Set the approved Wireless Network Name(s) in the WifiWhitelist variable
# As we have spaces in SSIDs will use an array
declare -a WifiWhitelist
WifiWhitelist=("SSID 1" "SSID 2" "SSID 3" "SSID4")

########################### DO NOT MODIFY BELOW THIS LINE   ###############################
#check for current WiFi name
WifiDevice=$(networksetup -listnetworkserviceorder | grep 'Wi-Fi' | grep 'Device' | cut -d ":" -f3 | rev | cut -c 2- | rev | awk '{ gsub(/^[ 	]+|[ 	]+$/, ""); print }')
MyWifi=$(networksetup -getairportnetwork $WifiDevice | cut -d ":" -f2 | awk '{ gsub(/^[ 	]+|[ 	]+$/, ""); print }')

# Needed below to work with SSIDs with spaces in arrays; MUST be after WifiDevice/MyWifi or will get an error
SAVEIFS=$IFS
IFS=$(echo -en "
")

apPath="/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources"
declare -a WifiAvailable
WifiAvailable=( $("$apPath/airport" -s | cut -d ":" -f1 | cut -d ")" -f2 | awk '{ gsub(/^[ 	]+|[ 	]+$/, ""); print }' | rev | cut -c 4- | rev | sort | uniq | tr "
" "
") )

# Get Working Directory
WorkDir=$(dirname "$0")

# End of Variable Definitions

########################### Functions ###########################

disconnect ()
{
# Notify user that the network is not approved and disconnect from the wireless network.
./BigHonkingText "$MyWifi is not an approved Network"
$apPath/airport -z
}

atSchool ()
{
# test to see if the Asset is at school by scanning for school networks and see if one is the school
for ScannedNetworks in "${WifiAvailable[@]}"
    do
        for SchoolNetwork in "${WifiWhitelist[@]}"
            do
                if [ "$ScannedNetworks" == "$SchoolNetwork" ]
                    then
                        AssetAtSchool="Yes"
                        return
                fi
            done
    done
AssetAtSchool="No"
return
}

onSchoolNetwork ()
{
# test to see if the school network has been joined.  
# Call the disconnect function if a network outside of school is joined
for AllowedID in "${WifiWhitelist[@]}"
    do
        if [ "$AllowedID" == "$MyWifi" ]
            then # Asset is on the school network
            IFS=$SAVEIFS
            exit 0 
        fi
    done
disconnect
IFS=$SAVEIFS
exit 2
}

########################### End Functions ############################

# Change to Working Directory
cd "$WorkDir" || return

# Is the Asset at school?
atSchool

if [ "$AssetAtSchool" == "Yes" ]
    then
        echo "Asset is at School..."
        # Is the Asset on the School Network
        onSchoolNetwork
fi

# If we get here then the computer is at home...or cannot connect to the school network

# Everything is good and we can exit
echo "Everything is A-OK"

IFS=$SAVEIFS

exit 1

Could someone please help with this? like @lizmowens I'm a little lost ... I copied the script with our own WiFiWhitelist variables and converted the plist using plutil and put it in /Library/LaunchAgents yet it doesn't seem to work. My apologies, I'm such a novice with this stuff