Control which SSID or Wifi service laptop can connect to

I'd like to control our corporate laptops such that they could only connect to our corporate
SSID / wireless service & not any other : is there any tool or hardening method that could
do this?

Our users are not granted local Admin rights.

Don't want them to connect to their phone's 4G or home Wifi but only our corporate
Wifi which they are forced to go thru our corporate's proxy when browsing the Net.

Also, don't want them to transfer data from their laptop to  a wireless HDD : currently
we block the USB port while LAN port setting is greyed out: they can't change LAN
port settings
sunhuxAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

footechCommented:
Use Group Policy to define the wireless network they can connect to, and then check the boxes to block connecting to ad-hoc and infrastructure networks.  They should then only be able to connect to the defined network.  I did this as a test some time back and it worked (though it's not something I've implemented in production).
GP settings for WiFi
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RayData AnalystCommented:
I don't have a solution, but would like to point out that a savvy user could easily change their home network or wifi hard drive to use the same ssid as your company wireless.  Though, this is a good solution for most users.
0
footechCommented:
That might be true if the company uses a PSK (pre-shared key) for authentication instead of something like WPA-Enterprise where you'll be authenticating against a RADIUS server.  Then, all the settings will be defined and you won't be able to reconfigure them to connect to the home network using another authentication method (and even if they set up a RADIUS system at home, it wouldn't be the same).
1
Craig BeckCommented:
Footech is spot on. GPO is the way forward!  I've done it lots of times.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.