?
Solved

Locking down Wireless Profile

Posted on 2016-08-02
10
Medium Priority
?
51 Views
Last Modified: 2016-09-10
We have 2 wireless networks in our company, one hidden SSID which is the company network and the other one is the Public network for guests (not hidden) I have an employee that constantly keeps removing the wireless profile already set on her computer (the hidden one), after doing so she ends up connecting to our public Wi-Fi (not hidden) and keeps blaming that the computer is the problem. This is the 4th time that is happening and I need to "lock down" the actual profile hidden profile that was initially created so that she can't hit the "Remove" option on top but still be able to add other networks (e.g Starbucks, Hotel Wi-Fi) if she decides to take the work computer home or travel. Does anyone have any idea how to address this? Can GPO fix this or perhaps a PowerShell script can do the trick? I really need to grey out the

Grey Out or Block Remove Option
0
Comment
Question by:Diego B
  • 4
  • 4
  • 2
10 Comments
 
LVL 44

Expert Comment

by:Adam Brown
ID: 41739705
Go to this section of the registry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
and change the permissions on that folder and subfolders that denies delete permission to that user. She'll be able to create new profiles, but will not be able to delete any.
1
 

Author Comment

by:Diego B
ID: 41739721
Testing as we speak... thank you so much!
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 2000 total points (awarded by participants)
ID: 41739806
You can do this with GPO. It works much better than editing the registry and can force the client to oy connect to certain SSIDs while denying access to others.
1
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 

Author Comment

by:Diego B
ID: 41739950
Adam any chance to revert back the permission issue in the registry? The implicit deny is there and now I can't revert the change.
0
 
LVL 44

Expert Comment

by:Adam Brown
ID: 41740017
Unless you set deny all permission for the user's group (Which is not what I recommended), you should be able to open the folder and set the permission. Otherwise, you'll have to use PSExec or a similar utility to open Regedit in the System context to modify the permissions.
0
 

Author Comment

by:Diego B
ID: 41747373
Craig you mentioned that GPO would be much easier than Adam's approach doing it through the Registry, can you please elaborate on the steps on how to do so?

thank you,
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points (awarded by participants)
ID: 41747531
Sure can.

Have a look at this great article which shows you the steps...

http://www.petenetlive.com/KB/Article/0000923
0
 

Author Comment

by:Diego B
ID: 41747798
Thank you, Craig. Now if I use this GPO setting will the user be able to delete the profile or will it lock it down?
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 41765888
Depending on how you configure the GPO you can choose how much control you want the user to have. You can lock it down if you choose.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 41792433
Best answer chosen
0

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question