CHI-LTD
asked on
Minimum security requirements for WiFi in GPO
Hi
We are using group policy settings for WiFi cards. We would like to restrict the type of WiFi connection type they can use e.g. unsecured, WEP, but allow WPA & WPA2.
Is this possible?
Thanks
We are using group policy settings for WiFi cards. We would like to restrict the type of WiFi connection type they can use e.g. unsecured, WEP, but allow WPA & WPA2.
Is this possible?
Thanks
ASKER
However, you can restrict types of networks via GPO. For example, you can allow connections to only infrastructure mode networks. That will prevent connections to a number of rogue networks. - Have you more info on this?
I've also disabled the Wifi Sense, good option?
I've also disabled the Wifi Sense, good option?
Yes, that is a great one to have disabled. As well as any other feature that overshares data.
ASKER
If i enable prevent connections to infrastructure networks; this will disable access to all other wifi SSIDs outside of the one is have configured, right?
You want to prevent connections to ad-hoc networks, not infrastructure ones. Infrastructure networks involve connections to things like access points.
There is a way to allow connections to only a certain set of networks. However, that is going to harm anyone who works remotely, so I would think very carefully before considering that.
There is a way to allow connections to only a certain set of networks. However, that is going to harm anyone who works remotely, so I would think very carefully before considering that.
As others stated that it you would not be a good idea to prevent this. Leave coffee shops and other public access out of the mix, most hotels and airlines use a unsecure connection with a form authentication to access the network. You would be opening up another set of things you would have to deal with if you prevent None Secure networks.
If you only want to have computers connect to your infrastructure you can prevent users with the setting "Only use Group Policy profiles for allowed networks".
Computer Configuration > Windows Setting > Security Settings > Wireless Network > Create a profile > Network Permissions
https://technet.microsoft.com/en-us/library/dd183634(v=ws.10).aspx
If you only want to have computers connect to your infrastructure you can prevent users with the setting "Only use Group Policy profiles for allowed networks".
Computer Configuration > Windows Setting > Security Settings > Wireless Network > Create a profile > Network Permissions
https://technet.microsoft.com/en-us/library/dd183634(v=ws.10).aspx
ASKER
heres our existing, which only allows the two we have added in the GPO.
Current.jpg
Current.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
However, you can restrict types of networks via GPO. For example, you can allow connections to only infrastructure mode networks. That will prevent connections to a number of rogue networks.