Locking Down Wireless Settings

Ricky
Contributor

Hello All,

We have run into a situation where students learned they change the devices over to the Guest network, restart, and prevent other students from logging into the machine (802.1x network), and thus completing their school work. Obviously having several sites with this issue is problematic because it requires IT to be on site every couple of days.

How can we take the following settings and check them off?

ad23523ddb224e2dae3aa4524b5ba540

7 REPLIES 7

RobertBasil
Contributor

Why not just restrict the network settings in the system preferences?

dmohs
Contributor

I will leave the technical answer to others. However, I will comment about the behavior. Obviously these are shared devices, and therefore I assume each user has their own account. Upon a computer's failure, it should be possible to view the usage log and offer respective discipline to the student(s) responsible.

Ricky
Contributor

@RobertBasil How should I go about doing this?

RobertBasil
Contributor

mm2270
Legendary Contributor III

If you're asking how to enable/check those options, it has been posted on threads here before. Here is one recent one I posted to on how to do this: link

Nix4Life
Valued Contributor

@Ricky two quick things:

  1. If you use @RobertBasil method,don't forget your scoping and exclusions
  2. I personally prefer and use the method Mike(@mm2270) linked to as part of a first boot script and because sometimes profiles can get a little wonky

jared_f
Valued Contributor

@Ricky I was scrolling through JAMF Nation a few days ago and came across with wonderful script by @delbrown (thank you so much) to kick a computer back to the correct wireless when it is nearby. I have found it very handy and I am going to set it up so it runs at a network state change.

#!/bin/bash

# Monitor and Manage WiFi Networks                      
# Del Brown                                  
# 11/21/16                                
# delonline@icloud.com                     
#                                                            
# Begin Variable Definitions
#Replace WIFINAME with your school WiFi.  Leaving it empty will disconnect from any network.

WifiWhitelist="WIFINAME"

# End of Variable Definitions

# Begin Function Declarations
connect ()
{

for SchoolNetwork in $WifiWhitelist
    do
        #loop through whitelist and connect to whitelisted network found
        echo " Available Network ""$SchoolNetwork"
        networksetup -setairportnetwork en0 "$SchoolNetwork" &>/dev/null
    done
}

disconnect ()
{
echo "Time to disconnect"
# send disconnect command to en0
/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -z
#exit 1
}

onSchoolNetwork ()
{
# test to see if the school network has been joined.  You can either use the networksetup command or the airport utility for this

MyWifi=`networksetup -getairportnetwork en0 | awk '{print $4}'`
#MyWifi=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport --getinfo | grep " SSID" | awk '{print $2}'`

# Call the disconnect function if a network outside of school is joined
for AllowedID in $WifiWhitelist
    do
        if [ "$AllowedID" == "$MyWifi" ]
            then # Asset is on the school network
            echo "I am connected to the School Network ""$AllowedID"
            exit 1  
        fi
    done

echo "Device is not connected to School Network so disconnect and reconnect to the school"
disconnect
connect
exit
}


atSchool ()
{
WifiAvailable=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -s | awk '{print $1}'`
# test to see if the Asset is at school by scanning for school networks and see if one is the school
for ScannedNetworks in $WifiAvailable
    do
        for SchoolNetwork in $WifiWhitelist
            do
                if [ "$SchoolNetwork" == "$ScannedNetworks" ]
                    then
                        AssetAtSchool="Yes"
                        echo "The Device is at school"
                        return
                fi
            done
    done
AssetAtSchool="No"
echo "asset is not at school so we don't care and we'll exit"
exit
}

# End Function Declarations

#########################

#program starts here
atSchool
onSchoolNetwork

Source: https://www.jamf.com/jamf-nation/discussions/22083/managing-wifi-on-macos

Jared