Avatar of Diego B
Diego B
Flag for United States of America asked on

Locking down Wireless Profile

We have 2 wireless networks in our company, one hidden SSID which is the company network and the other one is the Public network for guests (not hidden) I have an employee that constantly keeps removing the wireless profile already set on her computer (the hidden one), after doing so she ends up connecting to our public Wi-Fi (not hidden) and keeps blaming that the computer is the problem. This is the 4th time that is happening and I need to "lock down" the actual profile hidden profile that was initially created so that she can't hit the "Remove" option on top but still be able to add other networks (e.g Starbucks, Hotel Wi-Fi) if she decides to take the work computer home or travel. Does anyone have any idea how to address this? Can GPO fix this or perhaps a PowerShell script can do the trick? I really need to grey out the

Grey Out or Block Remove Option
Active DirectoryWireless NetworkingWindows 7Network SecurityNetworking

Avatar of undefined
Last Comment
Craig Beck

8/22/2022 - Mon
Adam Brown

Go to this section of the registry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
and change the permissions on that folder and subfolders that denies delete permission to that user. She'll be able to create new profiles, but will not be able to delete any.
Diego B

ASKER
Testing as we speak... thank you so much!
SOLUTION
Craig Beck

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Diego B

ASKER
Adam any chance to revert back the permission issue in the registry? The implicit deny is there and now I can't revert the change.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Adam Brown

Unless you set deny all permission for the user's group (Which is not what I recommended), you should be able to open the folder and set the permission. Otherwise, you'll have to use PSExec or a similar utility to open Regedit in the System context to modify the permissions.
Diego B

ASKER
Craig you mentioned that GPO would be much easier than Adam's approach doing it through the Registry, can you please elaborate on the steps on how to do so?

thank you,
ASKER CERTIFIED SOLUTION
Craig Beck

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Diego B

ASKER
Thank you, Craig. Now if I use this GPO setting will the user be able to delete the profile or will it lock it down?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Craig Beck

Depending on how you configure the GPO you can choose how much control you want the user to have. You can lock it down if you choose.
Craig Beck

Best answer chosen