Prevent the connection to a wifi network via GPO

by luca
0 comment

Today I was asked to prevent the corporate laptops from connecting to a particular wifi network.

With the use of a group policy (GPO) it is possible to define a blacklist of SSID; let’s see how to do that…

Create a new policy and expand the node Computer Configuration – Policies – Windows Settings – Security Settings

Right-click on Wireless Network (IEEE 802.11) Policies and choose Create A New Wireless Network Policy for Windows Vista and Later Releases (if your clients still run Windows XP, choose the other option):

wifi-blacklist

Give the policy a name and verify that the option Use Windows WLAN AutoConfig service for clients is checked: this option prevent the use of a thirt-party program to configure the wireless card (a such program won’t observe the policy we’re configuring):

wifi-blacklist2

Switch to the Network Permissions tab and click on Add…:

wifi-blacklist3

Type the SSID to be blocked, choose Deny as permission and confirm with OK:

wifi-blacklist4

We can change other settings: for example you can choose to prevent the creation and the connection to ad-hoc networks (that is a direct connection between two clients, without an access point) and to completely hide the SSID that are blocked:

wifi-blacklist5

When the policy is applied to the clients, users won’t be able to connect anymore to the network with the blacklisted SSID:

wifi-blacklist7

 

 

 

Related Posts

Leave a Comment

11 + fourteen =