Locking down Wireless Profile

We have 2 wireless networks in our company, one hidden SSID which is the company network and the other one is the Public network for guests (not hidden) I have an employee that constantly keeps removing the wireless profile already set on her computer (the hidden one), after doing so she ends up connecting to our public Wi-Fi (not hidden) and keeps blaming that the computer is the problem. This is the 4th time that is happening and I need to "lock down" the actual profile hidden profile that was initially created so that she can't hit the "Remove" option on top but still be able to add other networks (e.g Starbucks, Hotel Wi-Fi) if she decides to take the work computer home or travel. Does anyone have any idea how to address this? Can GPO fix this or perhaps a PowerShell script can do the trick? I really need to grey out the

Grey Out or Block Remove Option
Diego BIT Analyst IIAsked:
Who is Participating?
 
Craig BeckConnect With a Mentor Commented:
Sure can.

Have a look at this great article which shows you the steps...

http://www.petenetlive.com/KB/Article/0000923
0
 
Adam BrownSr Solutions ArchitectCommented:
Go to this section of the registry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
and change the permissions on that folder and subfolders that denies delete permission to that user. She'll be able to create new profiles, but will not be able to delete any.
1
 
Diego BIT Analyst IIAuthor Commented:
Testing as we speak... thank you so much!
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
Craig BeckConnect With a Mentor Commented:
You can do this with GPO. It works much better than editing the registry and can force the client to oy connect to certain SSIDs while denying access to others.
1
 
Diego BIT Analyst IIAuthor Commented:
Adam any chance to revert back the permission issue in the registry? The implicit deny is there and now I can't revert the change.
0
 
Adam BrownSr Solutions ArchitectCommented:
Unless you set deny all permission for the user's group (Which is not what I recommended), you should be able to open the folder and set the permission. Otherwise, you'll have to use PSExec or a similar utility to open Regedit in the System context to modify the permissions.
0
 
Diego BIT Analyst IIAuthor Commented:
Craig you mentioned that GPO would be much easier than Adam's approach doing it through the Registry, can you please elaborate on the steps on how to do so?

thank you,
0
 
Diego BIT Analyst IIAuthor Commented:
Thank you, Craig. Now if I use this GPO setting will the user be able to delete the profile or will it lock it down?
0
 
Craig BeckCommented:
Depending on how you configure the GPO you can choose how much control you want the user to have. You can lock it down if you choose.
0
 
Craig BeckCommented:
Best answer chosen
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.