Posted on August 21, 2014 · Posted in Windows 8

Filtering Available WiFi Networks in Windows 8

Today we’ll demonstrate how to manage white/black lists of the WiFi networks and allow/restrict user access to them without using complex group policy objects.

To manage the list of available WiFi networks, we’ll use the feature of WLAN filtering in netsh (other examples of using netsh in Windows to manage wireless networks can be found in this article).

Note. All these operations are performed with local administrator privileges. It also means that if the administrator of the computer has restricted access to certain Wi-Fi networks, a standard user cannot change this behavior.

Filtering a list of available Wi-Fi networks is based on the concepts white and blacklist SSID of WiFI networks.

Note. SSID (Service Set Identifier) is a unique name for the wireless network, the one that you see in the list of available WiFi networks when viewing the wireless environment. This name is specified in the settings of the WiFi access point, its maximum length is 32 characters, and it is case-sensitive.

Let’s consider two basic scenarios of WiFi network filtering:

Task: to hide all WiFi networks except permitted ones from the user
Task: to hide only certain WiFi (for example, open or unprotected) networks

The first scenario suggests that we need to configure Windows 8 so that the system sees only those WiFi networks that the administrator has specified (all other networks should be locked and hidden from the user). To implement this scenario:

Run the command line as an administrator
Create a new filter, specifying the SSID of the network, which should be available for connection in the WiFi network list (white list):
1

netsh wlan add filter permission=allow ssid="SSID-of-White-Network" networktype=infrastructure
Note. The similar commands can be used to add SSIDs of all permitted WiFi networks, which a user computer should see, to the white list.
The following command will also forbid displaying all the other ones (usually untrusted WiFi networks):
1

netsh wlan add filter permission=denyall networktype=infrastructure

Let’s consider the second scenario when we need to hide SSIDs of certain WiFi networks from the user. To do it:

Run cmd as administrator

For each of the WiFi networks that we want to hide, run the following command:

1	netsh wlan add filter permission=block ssid="SSID-of-Black-Network" networktype=infrastructure

The list of the applied filters can be obtained with the command:

1	netsh wlan show filter

In our case, we can see that there are two custom filters used: one network is added to the Allow List and the other one – to the Block List.

To remove an SSID of a WiFi network from the block list:

Run the command

1	netsh wlan set blockednetworks display=show

After the previous command is executed, all Wi-Fi networks blocked with this filter appear in the list with a small cross icon (this means that the network is blocked).

Remove this network from the black list:

1	netsh wlan delete filter permission=block ssid=NETGEAR2b networktype=infrastructure

Disable the display of hidden wireless networks:
1

netsh wlan set blockednetworks display=hide

To remove all applied Wi-Fi filters, run the following command:

1	netsh wlan delete filter permission=denyall networktype=infrastructure

If the command is successful, the following message appears:

1	The filter is removed from the system successfully.

There’s an interesting feature – if the computer administrator uses filters to restrict user access to wireless networks, a standard PC user can view a list of all currently available wireless networks with the command: