Hi,
Is it possible to delete SSIDs via script that have not been connected to over 30 days? if so, can someone assist?
We are trying to see if we can make a self service policy so employees can execute it as needed
Thank you,
Page 1 / 1
Im not sure if you can with a MDM client like JAMF. At least not without a deep understanding of scripting and macOS event logging, because you will need to dig this information out of macOS's Unified Logging. You would really want to redirect macOS Logs to a SIEM with a tool like JAMF Protect, and have filters to trigger things from that data with API.
- networksetup - listpreferredwirelessnetworks en0 will list all of the saved wireless networks. However this contains no data as to when the networks were used last.
- log show --predicate 'eventMessage contains "AirPort" or eventMessage contains "en0: Wi-Fi is connected"' --info --last 1m will list logging events for the wifi adapter, you will see network connect and disconnects as service "Network Configuration Change". From here you would need to find associated logs to identify which network was connected to or disconnected from. From here it goes off pretty deep in to the weeds and beyond what I would want to do with JAMF Pro or any MDM client.
- From here you can dig deeper in to event logs, and running the log show --predicate 'eventMessage contains "AirPort" or eventMessage contains "setJoinEvent: Disassociating from"' --info --last 1m command will tell you when an network was disconnected from last.
Assuming you could get the scripting together. Running this as a policy is risky depending on how far you want to check back in the logs as the policy could easily time out. In my example log commands I am only looking back 1 minute, you would want this to look back fairly far. I hope this gets you moving in the direction you need.
I would suggest letting users handle this themselves with the macOS GUI. Having old saved networks really does not hurt anything.
Im not sure if you can with a MDM client like JAMF. At least not without a deep understanding of scripting and macOS event logging, because you will need to dig this information out of macOS's Unified Logging. You would really want to redirect macOS Logs to a SIEM with a tool like JAMF Protect, and have filters to trigger things from that data with API.
- networksetup - listpreferredwirelessnetworks en0 will list all of the saved wireless networks. However this contains no data as to when the networks were used last.
- log show --predicate 'eventMessage contains "AirPort" or eventMessage contains "en0: Wi-Fi is connected"' --info --last 1m will list logging events for the wifi adapter, you will see network connect and disconnects as service "Network Configuration Change". From here you would need to find associated logs to identify which network was connected to or disconnected from. From here it goes off pretty deep in to the weeds and beyond what I would want to do with JAMF Pro or any MDM client.
- From here you can dig deeper in to event logs, and running the log show --predicate 'eventMessage contains "AirPort" or eventMessage contains "setJoinEvent: Disassociating from"' --info --last 1m command will tell you when an network was disconnected from last.
Assuming you could get the scripting together. Running this as a policy is risky depending on how far you want to check back in the logs as the policy could easily time out. In my example log commands I am only looking back 1 minute, you would want this to look back fairly far. I hope this gets you moving in the direction you need.
I would suggest letting users handle this themselves with the macOS GUI. Having old saved networks really does not hurt anything.
I had to write something like that a few years ago. This script is runs via Self-Service with applescript dialog and will have the user remove the SSIDs one by one and keep the company SSID, but could be used as a starting point
#!/bin/sh
echo "Running Remove SSID"
WIFI=$(osascript -e 'set T to text returned of (display dialog "Enter the name of the Wi-Fi SSID that is to be removed:" buttons {"Cancel", "OK"} default button "OK" default answer "")')
echo "$WIFI"
if [ "$WIFI" == "companySSID" ]; then
dialog="$WIFI cannot be removed. Please make sure to choose a SSID other than $WIFI"
echo "$dialog"
cmd="Tell app \\"System Events\\" to display dialog \\"$dialog\\""
/usr/bin/osascript -e "$cmd"
exit 1
else
#Let's remove the SSID
/usr/bin/sudo networksetup -removepreferredwirelessnetwork en0 $WIFI
fi
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.