Remove SSID's from lists.

technicholas
Contributor

We have staff members clicking on our guest network. I would like to find a script that removes the guest network from the network connections lists. I believe its called the perferred network list. Is there any way we can do this?

1 ACCEPTED SOLUTION

mfennelly
New Contributor III

We had (have) the same problem. It is a one line command:

networksetup -removepreferredwirelessnetwork en1 "Your Wireless Network Name"

I have it running once a day.

View solution in original post

13 REPLIES 13

mfennelly
New Contributor III

We had (have) the same problem. It is a one line command:

networksetup -removepreferredwirelessnetwork en1 "Your Wireless Network Name"

I have it running once a day.

mscottblake
Valued Contributor
networksetup -removepreferredwirelessnetwork device SSID

Device name will likely be en1, but it's not guaranteed. If you need to make a script for various hardware, I would recommend finding the device name and storing it as a variable.

#!/bin/sh

wservice=`/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'`
device=`/usr/sbin/networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2`

networksetup -removepreferredwirelessnetwork "$device" SSID

technicholas
Contributor

Thanks guys! I will try this!

Nicholas

technicholas
Contributor

Works great I deployed it and it looks like a lot of machines got the network removed, BUT I am still having people stay connected after the script has ran, I think I need to find a way for it to bounce the airport if they are connected to the guest network. hmm.

david_yenzer
Contributor II

When I manually remove a wireless network, I delete it from both the preferred list (Sys Pref > Network > WiFi > Advanced) and the keychain. Is it possible a piece is still in the keychain in this instance that allows the device to still connect?

mscottblake
Valued Contributor

I haven't tested this, but it should work.

#!/bin/sh

ssid="GUEST_WIRELESS_SSID"
wservice=`networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'`
device=`networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2`
current=`networksetup -getairportnetwork "$device" | sed -e 's/^.*: //'`

networksetup -removepreferredwirelessnetwork "$device" "$ssid"

if [[ "$current" -eq "$ssid" ]] then
    networksetup -setairportpower "$device" off
    networksetup -setairportpower "$device" on
fi

Chris_Hafner
Valued Contributor II

There's yet another one that we've been trying. We created a profile that included all the available SSID's on campus and their passwords. Then I set only the one SSID I want that group on and check off "Auto Join" and disabled it for the others. This way the computers all recognize the available SSID's but don't display them as if the are new. On top of that every time the unit searches for an SSID it will only connect to the one you've told it to auto-join. It's been working great for us so far.

AVmcclint
Honored Contributor

I've been looking for something like this for a while. It almost does what we need. We are using a 802.1x configuration policy to let the computers on the LAN and WiFi. Our users do tend to connect to a lot of outside networks as they travel and over time the list builds up - eventually causing problems. Normal procedure is to just purge all the non-company related SSIDs, but the users can't do this themselves so I authenticate as the admin user and manually do this. I'd like to make a Self Service item that users can run themselves. The problem is that networksetup -removeallpreferredwirelessnetworkappears to only remove ALL networks (including the ones you need to keep) and networksetup -removepreferredwirelessnetwork removes ONLY the ones you specify. Removing ALL SSIDs including the one for 802.1x is problematic in that it requires extra steps and admin rights to connect again. Is there a way to have networksetup remove everything BUT a specified SSID?
--Secondary question: I've noticed that en0 and en1 assignments are different across different hardware configurations. Can I specify "Wi-Fi" instead of "en0" or "en1" when running these commands so it won't matter network device WiFi is? (I would just try it and see, but I don't have any test machines with different hardware configurations handy at the moment)

bpavlov
Honored Contributor

@AVmcclint A1. Get a list of all preferred wireless networks from the computer, put it into an array, then run a loop against each wireless network in that array where IF the network is NOT equal to network you wish to keep then remove it using the "networksetup -removepreferredwirelessnetwork" command. Hope that gets you started.

A2. Depending on the OS, I believe it may also be named AirPort. I would like to say with certainty that 10.7 and later all say Wi-Fi, but can't be sure on that. I would just get the oldest OS you support and see what the wireless comes up as.

Sean_Ginn
New Contributor II

Is there anyway to retool this for Applescript?

#!/bin/sh

wservice=`/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'`
device=`/usr/sbin/networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2`

networksetup -removepreferredwirelessnetwork "$device" SSID

This is exactly what I am looking for, "THANK YOU", but I can't get this working with AppleScript because of the double quotes. The only way I know to get this to run is by creating a "text.sh" and then calling upon in from the Applescript, which isn't feasible since the location will always be different. Any advice?

bentoms
Release Candidate Programs Tester

@Sean_Ginn Double quotes & other escape characters in AppleScript just need a in front.

So the above would be something like:

wservice=`/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'`
device=`/usr/sbin/networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2`

networksetup -removepreferredwirelessnetwork "$device" SSID

Although that'll not work, but might give you an idea...

Maybe post your AppleScript here or in the #applescript channel in the macadmins.org Slack.

Sean_Ginn
New Contributor II

@bentoms Thank you for the response.

I am writing an AppleScript that will delete out all SSIDs from the preferred networks, turn airport power off and on, delete out MDM profiles and then re-enroll. The last half of the script is working perfectly, but I am stuck with this section here which is very large and unable to determine which en Airport|Wifi is on. I am sure I could do all of this with a shell script, but I want to be able to offer our users an easy way to do this without requiring terminal knowledge or access.

set AirportOff_en1 to "networksetup -setairportpower en1 off"
set AirportOn_en1 to "networksetup -setairportpower en1 on"
set AirportOff_en0 to "networksetup -setairportpower en0 off"
set AirportOn_en0 to "networksetup -setairportpower en0 on"
set DeleteSSID_en1 to "networksetup -removeallpreferredwirelessnetworks en1"
set DeleteSSID_en0 to "networksetup -removeallpreferredwirelessnetworks en0"

do shell script DeleteSSID-en1 with administrator privileges
do shell script AirportOff
delay 1.0
do shell script AirportOn

I could create different options for the user to be able to choose which one they need for that machine, but i'm not sure how to present the Shell output to the user in a display box.

ie. Is it en1 then choose this and if it's not then choose this...

Sean_Ginn
New Contributor II

I just wanted to post the Apple Script friendly version of the above script.

set wservice to do shell script "/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'"
set wservice2 to "/" & wservice & "/,/Ethernet Address/"
set deviceid to do shell script "/usr/sbin/networksetup -listallhardwareports | awk " & quoted form of wservice2 & " | awk 'NR==2'" & " | cut -c9-11"

do shell script "networksetup -removepreferredwirelessnetwork " & deviceid & " SSID"

I had to take out the delimiter and just cut the awk output to only display "en1" or "en0" of "Device: En1". Hope that helps anyone interested.