Jamf Nation Community

Dylan_YYC · ‎03-20-2018

Hey guys,

We have about 100 MBP laptops that are available for student use. They are AD bound with no mobile profiles and we are running into issues where the wifi on the laptops is turned off or changed to another network. ive used the restriction in the system preferences, but they can still click on the icon in the top bar and change anything.

Id love to hear what you guys have done to work on this.

amoscaritola · ‎03-20-2018

You can create a policy with a script like this which requires admin authorization to change networks or turn off the wifi

#!/bin/bash

#Require Admin authentication to "create computer-to-computer networks", "Change Networks", "Turn Wi-Fi on or off"

/usr/libexec/airportd prefs RequireAdminIBSS=YES RequireAdminNetworkChange=YES RequireAdminPowerToggle=YES

exit 0

View solution in original post

mm2270 · ‎03-20-2018

There are a few existing threads that discuss a way to do this, but it requires that the students do not have local admin rights or they can bypass the setting. Here are 2 threads that discuss how to use the airport binary to control those options

https://www.jamf.com/jamf-nation/discussions/23847/ability-to-disable-turn-wi-fi-off
https://www.jamf.com/jamf-nation/discussions/14603/delete-or-block-create-network-or-computer-to-com...

Dylan_YYC · ‎03-20-2018

@mm2270 awesome thank you. Our student do not have admin right so that should make like easier.

amoscaritola · ‎03-20-2018

You can create a policy with a script like this which requires admin authorization to change networks or turn off the wifi

#!/bin/bash

#Require Admin authentication to "create computer-to-computer networks", "Change Networks", "Turn Wi-Fi on or off"

/usr/libexec/airportd prefs RequireAdminIBSS=YES RequireAdminNetworkChange=YES RequireAdminPowerToggle=YES

exit 0

Jamf Nation Community

lockout all network control on student laptops