Solved

Control which SSID or Wifi service laptop can connect to

Posted on 2016-09-07
4
114 Views
Last Modified: 2016-10-06
I'd like to control our corporate laptops such that they could only connect to our corporate
SSID / wireless service & not any other : is there any tool or hardening method that could
do this?

Our users are not granted local Admin rights.

Don't want them to connect to their phone's 4G or home Wifi but only our corporate
Wifi which they are forced to go thru our corporate's proxy when browsing the Net.

Also, don't want them to transfer data from their laptop to  a wireless HDD : currently
we block the USB port while LAN port setting is greyed out: they can't change LAN
port settings
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 40

Accepted Solution

by:
footech earned 380 total points
ID: 41788409
Use Group Policy to define the wireless network they can connect to, and then check the boxes to block connecting to ad-hoc and infrastructure networks.  They should then only be able to connect to the defined network.  I did this as a test some time back and it worked (though it's not something I've implemented in production).
GP settings for WiFi
1
 
LVL 11

Assisted Solution

by:Ray
Ray earned 50 total points
ID: 41788456
I don't have a solution, but would like to point out that a savvy user could easily change their home network or wifi hard drive to use the same ssid as your company wireless.  Though, this is a good solution for most users.
0
 
LVL 40

Assisted Solution

by:footech
footech earned 380 total points
ID: 41788609
That might be true if the company uses a PSK (pre-shared key) for authentication instead of something like WPA-Enterprise where you'll be authenticating against a RADIUS server.  Then, all the settings will be defined and you won't be able to reconfigure them to connect to the home network using another authentication method (and even if they set up a RADIUS system at home, it wouldn't be the same).
1
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 70 total points
ID: 41788834
Footech is spot on. GPO is the way forward!  I've done it lots of times.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring Remote Assistance for use with SCCM
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question