If the users don't have admin rights on the Mac, you can use the "Require administrator authorization to:" and select the "Change networks" located in Network settings-> Advanced.

@Johnny.Kim what would require you to do go through every laptop manually correct?

@EliasG you could create a configuration profile and restrict the Network preferences pane. As long as you have a config profile scoped to all the devices to connect to a specific network, this should work fine.

There's a way to set all those settings with command line options, maybe a way to do the same with a Config profile but I don't know. BTW, just restricting the Network Pref Pane will not be sufficient, because changing wireless networks can be done from the Wi-Fi menubar item if its there.

Let me look up the Terminal commands to set those options and post back. Unless someone beats me to it.

Ok, found it. Here's a command that will check the box in the Network Preference Pane > Advanced for Wi-Fi labeled

Require administrator authorization to: Change networks

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs RequireAdminNetworkChange=YES

As long as clients are not local admins, once that option is enabled, if they try to switch to another network than what they are configured to join thru a Config Profile, they'll get prompted to enter an admin password, which they won't have (hopefully)

A few other prefs you can set with the airport utility that may be interesting to you are:

RequireAdminIBSS Sets the option on to require admin to create new networks RequireAdminPowerToggle Sets the option on to require admin to turn Wi-Fi on or off

The only thing I'm not clear on is if a reboot is needed or log out/in to have the setting correctly apply. You'll have to experiment with that I guess. I don't know if its possible to have this setting included in a profile.

@Johnny.Kim @mm2270 Thanks for the help!

Sorry for not being more clear earlier.
I would still like them to be able to change network to f.e. their home wi-fi (if it has WPA2 protection)
Just not have them connect to any public / open wi-fi networks.

@chad.fox I've tried that, then we run into problems when teachers bring laptops home and can't join home wifi lol.