Block laptop and workstation from connecting to unsecured or open WiFi / SSID

doreenmolly · September 13, 2024, 2:51am

hi itarian support,

i want to set a control on my laptops and desktops not to connect to any Wi-Fi SSID which is marked as open or unsecured, in and outside the office network. please assist, thanks

nivedithab · September 16, 2024, 7:49am

hi @doreenmolly

could you please confirm if this requirement if for windows machines

nivedithab · September 16, 2024, 8:05am

hi @doreenmolly

Please refer to below script provided which could be used for your requirement

https://scripts.itarian.com/frontend/web/topic/script-to-allow-only-specific-wifi-connections

https://scripts.itarian.com/frontend/web/topic/script-to-block-and-hide-specific-wifi-connections-in-the-list-of-networks-available

doreenmolly · September 16, 2024, 9:31am

Hi, no this is not requirement. i have users who travels overseas and i need to control that they can only connect to wifi with “secured” connections and to block “open” and “unsecured” wifi connections.

nivedithab · September 16, 2024, 10:39am

this script allows you to set up wifi allowed connections only for the devices which are needed

doreenmolly · September 17, 2024, 11:46pm

yes but if we do this way, when users are outstation and staying in hotel - we cannot expect them to only be able to access “allowed” wifi. therefore, when they are at hotel or public spaces, it would be wise to allow them only to access “secured” wifi connections.

nivedithab · September 18, 2024, 1:06pm

This is the possibility which is could be used for your requirement as of now. You can request for this feature at our feedback page which our dev team will look into it Canny

RT-AMS-ITarian · September 20, 2024, 1:36pm

Hi @doreenmolly

By default our platform does not have the functionality to block wifi networks for Windows, but you can create procedures to do various blocking.

My colleague has provided scripts that allow you to control which networks to block or allow, but not a script to simply block “open” authentication types.

I have been looking around, and I’m not 100% sure if Microsoft have this as part of their command line or not, for instance here are a couple good resources I’ve been looking at on this

Having a look myself at the command I do not believe authentication is an option of this filter as not listed as shown below

This being say there is a potential that a script could be created that is run every couple minutes that scans for “open” networks and then blocks them. Below is a bit of PS code that lists all profiles (not networks) and their authentication, but a little alteration and additional code to block and this might be possible.

$profiles = (netsh wlan show profiles name=*) -match '\s{2,}:\s'

foreach ($line in $profiles) {
    $values = $line -split ":"
    $key = $values[0].trim()
    $value = $values[1].trim()
    if ($key -eq "name") {
        $currentProfile = $value
    }
    if ($key -eq "Authentication") {
        WRite-Host $currentProfile $value
    }
}