Jamf Nation Community

lsv · ‎07-07-2023

I was wondering if anyone has found a solution that allows users to connect to any wireless network they would like, as long as it meets certain security requirements (particularly a password).

I know there are ways that you can lock down the network settings completely, but we want to be able to give our users some autonomy while ensuring they aren't joining open networks.

sdagley · ‎07-07-2023

@lsv You could have a script triggered by a LaunchDaemon that periodically checks to see if a Wi-Fi connection is active and what the Security mode is (the command "/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I" will show you the stats for the current Wi-Fi connection) and if it doesn't meet your requirements delete the SSID from the Preferred Network list using "networksetup -removepreferredwirelessnetwork <hardwareport> <SSID_Name>" (you may also need to cycle the Wi-Fi power using the -setairportpower option to force the disconnect). You'd also want to notify the user why they were disconnected.

lsv · ‎07-13-2023

Ahhh interesting approach, I may play around and see what I can come up with, thank you!

sdagley · ‎07-13-2023

In a previous job when working in EDU I utilized a script triggered by a LaunchDaemon which would look to see if the campus network SSID was the active SSID. If it wasn't but the SSID was visible the preferred network list was sorted to ensure the campus SSID was 1st then the Wi-Fi power was re-cycled to force a re-connect to the campus SSID. This was done to prevent students from using their phones as a hotspot to connect to an open network. Unfortunately that script isn't one I thought to preserve when I left that job.

Jamf Nation Community

Preventing users from joining open wifi networks