Link to home
Create AccountLog in
Avatar of Y Y
Y Y

asked on

How to stop employees from connecting to a different SSID?

Hello Experts!


We have two SSIDs. 

1. GUEST

This is for employees' cell phones, and visitors. No Internet access restrictions. Employees all know the security key.

 2. PROD

This is for some production computers. Restrictions are set, which only allow access to certain websites. 


We found employees quietly switch to GUEST when working on production computers to have fun online.


How can this be stopped?


Thanks!

ASKER CERTIFIED SOLUTION
Avatar of ITguy565
ITguy565
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of slightwv (䄆 Netminder)
slightwv (䄆 Netminder)

Put out a corporate policy stating that anyone caught using production computers on the Guest network will be fired.

After the first or second firing, it should stop.
Avatar of Y Y

ASKER

😄 sorry, we can't do that 😄

i would set up 2 different pc's one with guest account, and one with prod

that should be easy, since you have already one setup

Avatar of Y Y

ASKER

@nobus, sorry, I don't get your point. Can you explain a bit?

You could use a (computer) GPO to block that guest SSID.

SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.

when the accounts are on different pc's - you can protest them with different passwords

Avatar of Y Y

ASKER

right, I should look into GPO first; it's easier


SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of Y Y

ASKER

wow, very thoughtful!

If computer GPO is where the setting is configured it’s no issue if the user connects before login, or disables the NIC.


I’ve done it with GPO for literally thousands of devices this way with no issues.

If the AD can not be located. wpuld the GPO apply?
Avatar of Y Y

ASKER

If AD can't be located, GPO will not apply, but the existing settings will stay and users can't make changes to them via editing local policies because they do not have admin right on their computers. 
https://sdmsoftware.com/general-stuff/what-does-group-policy-do-when-it-cant-contact-a-dc/

SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.

GPOs already downloaded still apply.