Solved

Control which SSID or Wifi service laptop can connect to

Posted on 2016-09-07
4
104 Views
Last Modified: 2016-10-06
I'd like to control our corporate laptops such that they could only connect to our corporate
SSID / wireless service & not any other : is there any tool or hardening method that could
do this?

Our users are not granted local Admin rights.

Don't want them to connect to their phone's 4G or home Wifi but only our corporate
Wifi which they are forced to go thru our corporate's proxy when browsing the Net.

Also, don't want them to transfer data from their laptop to  a wireless HDD : currently
we block the USB port while LAN port setting is greyed out: they can't change LAN
port settings
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 40

Accepted Solution

by:
footech earned 380 total points
ID: 41788409
Use Group Policy to define the wireless network they can connect to, and then check the boxes to block connecting to ad-hoc and infrastructure networks.  They should then only be able to connect to the defined network.  I did this as a test some time back and it worked (though it's not something I've implemented in production).
GP settings for WiFi
1
 
LVL 11

Assisted Solution

by:Ray
Ray earned 50 total points
ID: 41788456
I don't have a solution, but would like to point out that a savvy user could easily change their home network or wifi hard drive to use the same ssid as your company wireless.  Though, this is a good solution for most users.
0
 
LVL 40

Assisted Solution

by:footech
footech earned 380 total points
ID: 41788609
That might be true if the company uses a PSK (pre-shared key) for authentication instead of something like WPA-Enterprise where you'll be authenticating against a RADIUS server.  Then, all the settings will be defined and you won't be able to reconfigure them to connect to the home network using another authentication method (and even if they set up a RADIUS system at home, it wouldn't be the same).
1
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 70 total points
ID: 41788834
Footech is spot on. GPO is the way forward!  I've done it lots of times.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An article on effective troubleshooting
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question