Prevent Access To Certain Wi-Fi Network SSIDs Via Bash Script

In enterprise environments, there is often an open guest network and a secured enterprise network.  Often, you do not want users to connect to the guest network because it is throttled down and does not grant access to organizational network resources.  Below is a script that can be run as a Launch Daemon, which will turn the wireless off and display a dialog if a user connects to the wrong network.


wifi=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2)
ssid=$(networksetup -getairportnetwork $wifi | cut -d " " -f 4)

case $ssid in
echo "Switching off PatientWifi SSID..."
networksetup -setairportpower $wifi off
networksetup -removepreferredwirelessnetwork $wifi $ssid
osascript -e 'tell application "System Events" to display alert "blah blah blah" as critical'

You can also require a password to change networks with this command:

/usr/libexec/airportd prefs RequireAdminNetworkChange=YES RequireAdminIBSS=YES