Help

Preventing Admin Users from Removing Network SSID on Managed Macs

Go to solution
feolaney
New Contributor II

Posted on ‎04-18-2024 08:45 AM

I'm looking for the best way to prevent all Mac users with local admin privileges from removing a wireless/wired profile and SSID configuration for a specific wireless/wired network.

The goal is to ensure that the wireless network settings are enforced and cannot be modified or removed by the end-users, even if they have admin access on their Macs.

Is this possible?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mm2270
Legendary Contributor III

Posted on ‎04-18-2024 12:58 PM

I don't think there's a way to do that. Even using the 

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs commands I don't think that button can be locked down. And even if you could, those prefs are only to prevent non-admins from adjusting any of the settings in Wi-Fi, and since you mentioned these are admin level users... honestly you're really looking at removing admin rights from users to prevent this. I know that's much easier said than done, but I suspect there won't be any other way.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
pete_c
Contributor III

Posted on ‎04-18-2024 09:05 AM

Deploy a computer-level configuration profile with a Wi-Fi payload.  Test first and don’t delete the payload without adjusting scope to None first, as always.

0 Kudos

Go to solution
feolaney
New Contributor II

Posted on ‎04-18-2024 11:54 AM

Tried this, pushed a computer level configuration profile with a Wi-Fi payload.  Removing it is prevented UNLESS the user is connected to it, then they can click "Forget this Network" and have it removed.

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎04-18-2024 12:58 PM

I don't think there's a way to do that. Even using the 

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport prefs commands I don't think that button can be locked down. And even if you could, those prefs are only to prevent non-admins from adjusting any of the settings in Wi-Fi, and since you mentioned these are admin level users... honestly you're really looking at removing admin rights from users to prevent this. I know that's much easier said than done, but I suspect there won't be any other way.

0 Kudos