Prevent Access To Certain Wi-Fi Network SSIDs Via Bash Script
In enterprise environments, there is often an open guest network and a secured enterprise network. Often, you do not want users to connect to the guest network because it is throttled down and does not grant access to organizational network resources. Below is a script that can be run as a Launch Daemon, which will turn the wireless off and display a dialog if a user connects to the wrong network.
#!/bin/bash undesiredNetwork="Undesired-SSID" wifi=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2) ssid=$(networksetup -getairportnetwork $wifi | cut -d " " -f 4) case $ssid in "$undesiredNetwork") echo "Switching off PatientWifi SSID..." networksetup -setairportpower $wifi off networksetup -removepreferredwirelessnetwork $wifi $ssid osascript -e 'tell application "System Events" to display alert "blah blah blah" as critical' ;; esac
You can also require a password to change networks with this command:
/usr/libexec/airportd prefs RequireAdminNetworkChange=YES RequireAdminIBSS=YES