Prevent wireless network access Windows 7



We have a setup with one of our customers that has two wireless networks. One is a wireless network that employees connect to that is on the domain. The second wireless network is a free standing router that is used for free access for customers at the site. The free standing router is set up with a static IP from a block of IP addresses that is completely off the domain.

 

We have a webfilter that restricts access to everyone but a specific set of users. The free wireless network is nonfiltered for customer use. What we believe is happening is that the employees are switching to the free wireless to check filtered websites, but by doing so, they are off the domain network and the network specific application no longer functions. Obviously switching back fixes it, but the employees apparently do not know how to switch back and it is causing a headache from an administrative standpoint.

 

My question is, how can I configure the user accounts within Windows to only connect to one specific wireless network? I looked at the wireless router and there is MAC filtering to block the devices. The only way to block is via IP, but since it's a different network completely, it won't work.

 

Any ideas? Thank you kindly.


You could script it and have it run at login, so a restart or logoff and login would remedy the issue. Short of that, setting a key would fix the issue; don't give company users the key.


Unfortunately, not giving the employees the key is not possible as the customers will ask them for the key which is readily accessible.


You can block access to a specific SSID via a setting on the OS with netsh. I assume you are on Windows 7 at work? This can also be done via a group policy.

Here, in this example, I blocked testssid:

[Screenshot attachment: post-14624-0-85793100-1383660509.png]

This should prevent your users from switching over to this network.


Oh neat! Yes, we are running Windows 7 Pro. I will give that a shot and see. Thanks!


  • 3 weeks later...


This worked. Thank you kindly!

 

Do you have the command to re-enable it? I tried changing the permission=block to permission=allow and it said it was already on the block list. Thanks!


To remove it would be as simple as the same command with delete vs add, so in my example:

netsh wlan delete filter permission=block ssid=testssid networktype=infrastructure

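The add and delete filter commands discussed above, wrapped so that re-running them does not hit the "already on the block list" error. This is an added example, not part of the original thread; the function names `Get-BlockedSsid` and `Set-SsidBlock` are hypothetical, and the parsing assumes the English-language layout of `netsh wlan show filters`.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Function names are hypothetical; the netsh commands are the ones discussed above.

function Get-BlockedSsid {
    # Assumption: English netsh output, where each list starts with a heading such as
    # "Block list on the system (user)", followed by a dashed rule and entries like:
    #     SSID: "testssid", Type: Infrastructure
    $inBlock = $false
    foreach ($line in (netsh wlan show filters)) {
        if ($line -match '^-+\s*$') { continue }                 # dashed rule under a heading
        if ($line -match '^\S') {                                 # a new section heading
            $inBlock = $line -match '^Block list'
        } elseif ($inBlock -and $line -match 'SSID:\s*"(.*)",\s*Type:\s*Infrastructure') {
            $Matches[1]                                           # emit the blocked SSID
        }
    }
}

function Set-SsidBlock {
    param(
        [Parameter(Mandatory=$true)][string]$Ssid,
        [switch]$Remove
    )
    # SSIDs are case-sensitive, so compare with -ccontains.
    $blocked = @(Get-BlockedSsid) -ccontains $Ssid
    if ($Remove -and $blocked) {
        netsh wlan delete filter permission=block ssid="$Ssid" networktype=infrastructure
    } elseif (-not $Remove -and -not $blocked) {
        netsh wlan add filter permission=block ssid="$Ssid" networktype=infrastructure
    } else {
        Write-Output "No change: '$Ssid' blocked = $blocked"
    }
}

Set-SsidBlock -Ssid 'testssid'            # block the SSID used in the thread's example
Get-BlockedSsid                           # verify it now appears in the block list
# Set-SsidBlock -Ssid 'testssid' -Remove  # undo the block
```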


Awesome. Thank you again Budman.


You can whitelist and block wireless networks via GPO.

 

Computer Configuration > Policies > Windows Settings > Security Settings > Wireless Network (IEEE 802.11) Policies

Click on "Action" in the menu and then click on "Create A New Wireless Network Policy for Windows Vista and Later Releases".

Now give the setting a Policy Name and Description. Ensure that "Use Windows WLAN AutoConfig service for clients" is ticked so that Windows does not allow third-party software to control the wireless network adapter (e.g. Intel Wireless LAN configuration tool).

Now click on the Network Permission tab and click "Add...".

Type in the name of the SSID you want to blacklist (e.g. "customer-wifi"), then select the Network Type (e.g. Infrastructure), select "Deny" from the Permission type, and click "OK".

Or type in the name of the SSID you want to whitelist (e.g. "company-wifi"), then select the Network Type (e.g. Infrastructure), select "Allow" from the Permission type, and click "OK".

Tick "Prevent connections to ad-hoc networks" and tick "Prevent connections to infrastructure networks", then click "OK".
