How to completely block specific Wi-Fi SSID on macOS?

Solution 1:

There's no blacklist function (that I know of), but there are a couple of simple workarounds.

Restrict to Admins Only

Your first option would be to set up networking and restrict it so only Admins can join networks (Network Settings >> WiFi Adapter >> Advanced)


The caveat here is that the user can no longer be an admin.

Programmatically remove network

Your second option is to have a terminal command run periodically:

networksetup -removepreferredwirelessnetwork en1 SSID

If the SSID doesn't exist, it will just error out without any issues. If it does exist, it will remove it from the preferred (saved) network.

You could put this in a simple bash script:

#!/bin/bash

SSID="MyBannedSSID"

# Saved network that exactly matches the banned SSID (empty if it is not saved)
net=$(networksetup -listpreferredwirelessnetworks en1 | cut -f2 | grep -Fx -- "$SSID")
# SSID the adapter is currently connected to
ap=$(networksetup -getairportnetwork en1 | cut -d ":" -f 2 | cut -c 2-)

# Remove the network if it exists in the saved networks
if [ "$net" = "$SSID" ]; then
  networksetup -removepreferredwirelessnetwork en1 "$SSID"
  sleep 5
else
  echo "No Network"
fi

# Power cycle the wireless adapter if connected to the banned network
if [ "$ap" = "$SSID" ]; then
  networksetup -setairportpower en1 off
  networksetup -setairportpower en1 on
fi

Then use cron or launchd (preferred) to run it periodically. The caveat is that while they may join the network, it will eventually (per your schedule) delete it.

You have to run this as root (meaning put in /Library/LaunchDaemons if using launchd) otherwise it will ask you for a password every time.

What the script is doing

  • Checks to see if banned SSID is saved
  • Removes the saved network if it exists
  • Power cycles the airport card if it's attached to the banned SSID
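An added example, not part of the answer above: the script in that answer handles one SSID and assumes the Wi-Fi device is en1, which is not the case on every Mac. This variant takes a list of banned SSIDs and looks the device up from `networksetup -listallhardwareports`; the SSID names and the sample output are constructed placeholders.

```bash
#!/bin/bash
# Banned SSIDs, one per line (constructed placeholder names).
BANNED_SSIDS='MyBannedSSID
Guest Lobby WiFi'

# Constructed sample of `networksetup -listallhardwareports` output.
SAMPLE_PORTS='Hardware Port: Ethernet
Device: en0
Hardware Port: Wi-Fi
Device: en1'

# stdin: -listallhardwareports output; prints the Wi-Fi device name.
wifi_device() {
  awk -F': ' '
    /^Hardware Port: / { wifi = ($2 == "Wi-Fi") }
    wifi && /^Device: / { print $2; exit }'
}

# stdin: -listpreferredwirelessnetworks output; prints saved entries that exactly
# equal a banned SSID (grep -F treats each line of the list as one pattern).
saved_banned() {
  cut -f2 | grep -Fx -e "$BANNED_SSIDS" || true
}

# Succeeds if $1 is exactly one of the banned SSIDs.
is_banned() {
  printf '%s\n' "$1" | grep -Fxq -e "$BANNED_SSIDS"
}

enforce() {
  dev=$(networksetup -listallhardwareports | wifi_device)
  [ -n "$dev" ] || { echo "no Wi-Fi device found" >&2; return 1; }
  networksetup -listpreferredwirelessnetworks "$dev" | saved_banned |
    while IFS= read -r ssid; do
      networksetup -removepreferredwirelessnetwork "$dev" "$ssid"
    done
  # Strip the label before the SSID; SSIDs containing ":" survive intact.
  current=$(networksetup -getairportnetwork "$dev" | sed 's/^[^:]*: //')
  if is_banned "$current"; then
    networksetup -setairportpower "$dev" off
    networksetup -setairportpower "$dev" on
  fi
}

# On a Mac, enforce; elsewhere, run the parser on the constructed sample.
if command -v networksetup >/dev/null 2>&1; then
  enforce
else
  printf '%s\n' "$SAMPLE_PORTS" | wifi_device
fi
```

Exact-line matching means a saved network such as "MyBannedSSID-5G" is left alone unless it is listed itself.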

Solution 2:

I've just tested this and it works!

You need the app Apple Configurator 2; it's on the App Store, made by Apple.

Create a new profile, in the wifi section create a new payload. Fill out the information, including the correct security type. Set the password to something wrong. Uncheck the 'Auto Join' option.

Now, why does this work? The profile sets settings which cannot be changed by the user and so if you configure it with a password the user will not be able to uninstall the profile. Since you have configured the wrong password for the profile, the computer won't be able to connect to the network and will show an incorrect password popup. That's where the "auto join" setting comes in. By configuring the device to not automatically join that network, the device will only attempt to connect to it when the user selects it out of the menu. Since the user can't change the stored password they won't be given the option to try a new password and so won't be able to connect. With auto join off, you also won't get tons of "incorrect password" errors on the device any time the network is in range since it won't bother to connect to it.

Example config

Solution 3:

I have no experience, but what I would try: set up a new account, give it administrator rights, log in to this new account, go to System Preferences, Parental Controls: in there, set parental controls for your main account, and set the access to ...aruba... as forbidden.