Today I was asked to prevent the corporate laptops from connecting to a particular wifi network.
With a group policy (GPO) it is possible to define a blacklist of SSIDs; let’s see how to do that…
Create a new policy and expand the node Computer Configuration – Policies – Windows Settings – Security Settings
Right-click on Wireless Network (IEEE 802.11) Policies and choose Create A New Wireless Network Policy for Windows Vista and Later Releases (if your clients still run Windows XP, choose the other option):
Give the policy a name and verify that the option Use Windows WLAN AutoConfig service for clients is checked: this option prevents the use of a third-party program to configure the wireless card (such a program won’t observe the policy we’re configuring):
Switch to the Network Permissions tab and click on Add…:
Type the SSID to be blocked, choose Deny as permission and confirm with OK:
We can change other settings: for example, we can prevent the creation of and connection to ad-hoc networks (that is, a direct connection between two clients, without an access point) and completely hide the SSIDs that are blocked:
When the policy is applied to the clients, users will no longer be able to connect to the network with the blacklisted SSID.
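To confirm on a client that the deny filter really comes from the GPO, the following PowerShell check can be run there; it is an added example, not part of the original post. It assumes English-language `netsh wlan show filters` output, and `ExampleBlockedSSID` is a placeholder for the SSID entered in the Network Permissions tab.

```powershell
# Added example: confirm on a client that the GPO deny filter for an SSID is active.
# Assumptions: English netsh output; 'ExampleBlockedSSID' is a placeholder name.
param([string]$Ssid = 'ExampleBlockedSSID')

function Get-WlanFilter {
    # Turn 'netsh wlan show filters' text into objects, tracking which
    # section (Allow/Block, group policy/user) each SSID line belongs to.
    param([string[]]$Lines)
    $permission = $null; $source = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(Allow|Block) list on the system \((group policy|user)\)') {
            $permission = $Matches[1]; $source = $Matches[2]
        }
        elseif ($permission -and $line -match 'SSID:\s*"(.*)",\s*Type:\s*(\S+)') {
            [pscustomobject]@{
                Permission = $permission; Source = $source
                SSID = $Matches[1]; Type = $Matches[2]
            }
        }
    }
}

# The policy only governs clients managed by WLAN AutoConfig (service name WlanSvc).
$svc = Get-Service -Name WlanSvc -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    Write-Warning 'WLAN AutoConfig (WlanSvc) is not running; netsh wlan cannot report filters.'
    exit 2
}

$filters = @(Get-WlanFilter -Lines (netsh wlan show filters))
# SSIDs are case-sensitive, so compare with -ceq rather than -eq.
$gpoBlock = $filters | Where-Object {
    $_.Permission -eq 'Block' -and $_.Source -eq 'group policy' -and $_.SSID -ceq $Ssid
}
$localOnly = $filters | Where-Object {
    $_.Permission -eq 'Block' -and $_.Source -eq 'user' -and $_.SSID -ceq $Ssid
}

if ($gpoBlock) {
    Write-Output "OK: '$Ssid' is denied by group policy ($($gpoBlock.Type))."
    exit 0
}
if ($localOnly) {
    Write-Warning "'$Ssid' is blocked only by a local netsh filter, not by the GPO."
}
Write-Warning "No group policy deny filter for '$Ssid'. Run 'gpupdate /force' and check 'gpresult /r'."
exit 1
```

The exit code (0 when the GPO filter is present, 1 when it is missing, 2 when WLAN AutoConfig is not running) lets the check be used from a compliance or inventory script.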