Link to home
Start Free TrialLog in
Avatar of CHI-LTD
CHI-LTDFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Minimum security requirements for WiFi in GPO

Hi

We are using group policy settings for WiFi cards.   We would like to restrict the type of WiFi connection type they can use e.g. unsecured, WEP, but allow WPA & WPA2.

Is this possible?

Thanks
Avatar of masnrock
masnrock
Flag of United States of America image
I get what you want to do and why, but I do not believe you can make that type of restriction. But I would never recommend it anyway, because you have no control over other networks AND you would prevent users from connecting to wireless networks at places like coffee shops, which is going to result in a lot ofncalls.

However, you can restrict types of networks via GPO. For example, you can allow connections to only infrastructure mode networks. That will prevent connections to a number of rogue networks.
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

However, you can restrict types of networks via GPO. For example, you can allow connections to only infrastructure mode networks. That will prevent connections to a number of rogue networks. - Have you more info on this?

I've also disabled the Wifi Sense, good option?
Avatar of masnrock
masnrock
Flag of United States of America image
Yes, that is a great one to have disabled. As well as any other feature that overshares data.
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

If i enable prevent connections to infrastructure networks; this will disable access to all other wifi SSIDs outside of the one is have configured, right?
Avatar of masnrock
masnrock
Flag of United States of America image
You want to prevent connections to ad-hoc networks, not infrastructure ones. Infrastructure networks involve connections to things like access points.

There is a way to allow connections to only a certain set of networks. However, that is going to harm anyone who works remotely, so I would think very carefully before considering that.
Avatar of yo_bee
yo_bee
Flag of United States of America image
As others stated that it you would not be a good idea to prevent this. Leave coffee shops and other public access out of the mix, most hotels and airlines use a unsecure connection with a form authentication to access the network.  You would be opening up another set of things you would have to deal with if you prevent None Secure networks.  

If you only want to have computers connect to your infrastructure you can prevent users  with the setting "Only use Group Policy profiles for allowed networks".

Computer Configuration  > Windows Setting > Security Settings  > Wireless Network > Create a profile > Network Permissions
https://technet.microsoft.com/en-us/library/dd183634(v=ws.10).aspx
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

heres our existing, which only allows the two we have added in the GPO.
Current.jpg
ASKER CERTIFIED SOLUTION
Avatar of masnrock
masnrock
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CHI-LTD
CHI-LTD
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Any better?
I can now access other wifi spots.
wifi-2.jpg
SOLUTION
Avatar of masnrock
masnrock
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial