Need advice regarding Wireless Config Profile Removal or WiFi in General

Contributor III

We are experiencing an issue in our School District after we switch to EAP-TLS, we are using SecureW2. We have Unifi AC Lites, 1 AP Per classroom, only using 5GHZ in the classrooms, using VHT 80, set the channels properly and all signals on Low setting. I think the coverage is fine, but we are having trouble with MBA clients being slow to connect to WiFi after coming back from sleep. There will be a Red Dot next to the time telling me Directory Services is unavailable. It will take roughly 15 seconds for the red dot to go away, then after that, users can log in successfully. it is becoming an issue because of the users refusing to wait that long to log in (which I understand). I went to Unifi forums and it's very obvious this is a known issue, for 5 years now. So, what I'd like to do is to create a new SSID, use PSK with very strong Random Password. This will only go out via Script Policy and make it available to Self Service as well. I am trying to avoid using config profile for this. Next, I'd like to remove the EAP-TLS config profile to the clients that successfully connected to new SSID. My idea is to un scope these clients from the config profile. Create a Smart or Static Group for these clients, put the group in Excluded. Can you share a script that can put these clients to the group automatically? Thanks in advance.