Hiding the wifi settings questions

birdn
birdn used Ask the Experts™
on
Hi,

I would like to prevent users from selecting a guest network that resides close by our operations.  Our users are mobile, and the mobile devices are always connected to the enterprise wireless SSID.  However, some users are tempted to try and connect to the guest network of a nearby business.  In doing so it causes some pains when trying to reconnect to the enterprise network, and any remote support.

With that in mind I would like to "hide" the networking icon through some sort of registry update - if possible.  However, I'm open to other suggestions but they would have to be limited to changes on the local device.  I wouldn't be able to use a solution that requires making an update to the enterprise environment.  For example, creating/modifying an OU, introducing a 3rd party solution, system wide group policy changes, etc.

All mobile devices use OS WIN 7 and WIN 10.
Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Because you do not know what to hide, there is really no way to do what you want, else you could never connect.

Train users to use your system, not someone else's, and the extra costs that go along with them doing the wrong thing.

Put a batch file on the desktop to connect to you (NETSH WLAN commands).
David FavorLinux/LXD/WordPress/Hosting Savant
Distinguished Expert 2018

Commented:
Good question.

There's no way to "hide" any network.

You might try setting up a 802.11n or 802.11g network of the exact same name.

If your network has a stronger signal strength, (n + g are higher than ac) then most people will likely connect to the highest strength network.

If you're really serious about hiding this network, you can likely purchase a jammer + locate it outside the radius of your networks + inside the radius of the other network. Likely this will cause many problems for people close to the jammer though.

Maybe you can state why you care about someone else's network being accessed.

Likely providing your reason, may produce better answers.
Distinguished Expert 2018
Commented:
In an AD environment, you would use GPO (most ideal): http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-blackwhite-list-wireless-networks-in-vista-windows-7/

Another option would be to use the netsh command: https://mywindowshub.com/add-remove-wireless-network-allowed-blocked-filter-list-windows-10/

Bear in mind that if users have admin rights (and are savvy), they could undo the blacklisting command.
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

what vendor WLAN infra you are using? Aruba, cisco has option to hide ssid.
David FavorLinux/LXD/WordPress/Hosting Savant
Distinguished Expert 2018

Commented:
@Sandeep, this only hides SSIDs you manage, not random SSIDs outside your control.

Likely good for author to clarify this...

When you say, "I would like to prevent users from selecting a guest network that resides close by our operations", state whether this guest network is under your control or is outside your control.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I think you might go nuts trying to exclude Wi-Fi points.

You want them to use your wireless.
They will have home wireless.
Wireless at their cottage.
Wireless when they go to your meeting.

Train your users.

Author

Commented:
Hi everyone,

Regarding the Wlan infrastructure question, we are trying to prevent users from selecting nearby open wifi Guest network - like a Dunkin Donuts or Starbucks Guest wifi.

The reason we want to try and hide these networks is merely due to security reasons.  We've got a number of features in place on the local device which prevent online access (ie, browsing websites, etc) using any wifi network other than the corporate environment, but we're researching options that would "hide" any other wifi other than ours.

The batch file and white/black through GPO may be the best solution given some of the limitations I've supplied.

Thanks everyone for their input.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
People may need these wireless access points while meeting people you want them to meet.

Author

Commented:
Hi John,

Thanks for point that out.

The mobile devices we use for this purpose never leave campus.  Think of a pharmacy inside Target.  The pharmacy operations supplied/managed/supported mobile devices never leave the walls confined inside their space, and are usually accounted for at the end of the day.

Management and executives are excluded from the scenario I've described above.  We've supplied a different set of devices (with a different layer of security) for those users who are mobile inside/outside the corporate space.

Thanks.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Thanks for the update. Laptops we use (all my clients) are not subject to that restriction.
Distinguished Expert 2018

Commented:
If you ONLY need it to connect to just that wireless network, you could blacklist ALL wireless networks, then whitelist what you want to allow. I assume the wireless coverage is sufficient for where the devices need to go. Just see the second link in my previous comment.

Obviously my comments are assuming that these are Windows devices. A little more information might help give you a better response.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial