Today we’ll demonstrate how to manage white and black lists of WiFi networks and allow or restrict user access to them without using complex group policy objects.
To manage the list of available WiFi networks, we’ll use the WLAN filtering feature of netsh (other examples of using netsh in Windows to manage wireless networks can be found in this article).
Filtering the list of available Wi-Fi networks is based on white and black lists of WiFi network SSIDs.
Let’s consider two basic scenarios of WiFi network filtering:
- Task: to hide all WiFi networks except permitted ones from the user
- Task: to hide only certain WiFi (for example, open or unprotected) networks
The first scenario suggests that we need to configure Windows 8 so that the system sees only those WiFi networks that the administrator has specified (all other networks should be locked and hidden from the user). To implement this scenario:
- Run the command line as an administrator
- Create a new filter, specifying the SSID of the network, which should be available for connection in the WiFi network list (white list):
netsh wlan add filter permission=allow ssid="SSID-of-White-Network" networktype=infrastructure
Note. Similar commands can be used to add the SSIDs of all permitted WiFi networks that the user’s computer should see to the white list.
- The following command then forbids displaying all the other ones (usually untrusted WiFi networks):
netsh wlan add filter permission=denyall networktype=infrastructure
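The first scenario as one script, as an added example that is not part of the original article: it adds every allow entry first and applies denyall only if all of them succeeded, so a failed or mistyped entry cannot leave the machine with no visible network. The SSID names are constructed samples, and the script assumes netsh reports failure through a non-zero exit code.

```powershell
# Added example: apply the allow-list scenario in a safe order.
# $AllowedSsids holds constructed sample names (no spaces); replace with your own.
$AllowedSsids = @('Corp-WiFi', 'Corp-Guest')

# Filter changes need an elevated session, as in the manual steps.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this script from an elevated PowerShell session.'
}

$added = @()
foreach ($ssid in $AllowedSsids) {
    # Same command as in the article, one call per permitted SSID.
    netsh wlan add filter permission=allow ssid="$ssid" networktype=infrastructure | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # Assumption: a non-zero exit code means the filter was not added.
        # Undo the entries added in this run and stop before denyall.
        foreach ($done in $added) {
            netsh wlan delete filter permission=allow ssid="$done" networktype=infrastructure | Out-Null
        }
        throw "Could not add allow filter for '$ssid'; denyall was not applied."
    }
    $added += $ssid
}

# Only after every allow entry exists, hide all other networks.
netsh wlan add filter permission=denyall networktype=infrastructure | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Adding the denyall filter failed; allow entries were left in place.'
}

# Print the resulting filter lists so the result can be reviewed.
netsh wlan show filter
```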
Let’s consider the second scenario when we need to hide SSIDs of certain WiFi networks from the user. To do it:
- Run cmd as administrator
- For each of the WiFi networks that we want to hide, run the following command:
netsh wlan add filter permission=block ssid="SSID-of-Black-Network" networktype=infrastructure
The list of the applied filters can be obtained with the command:
netsh wlan show filter
In our case, we can see that there are two custom filters used: one network is added to the Allow List and the other one – to the Block List.
To remove an SSID of a WiFi network from the block list:
- Run the command
netsh wlan set blockednetworks display=show
- After the previous command is executed, all Wi-Fi networks blocked with this filter appear in the list with a small cross icon (this means that the network is blocked).
- Remove this network from the black list:
netsh wlan delete filter permission=block ssid=NETGEAR2b networktype=infrastructure
- Disable the display of hidden wireless networks:
netsh wlan set blockednetworks display=hide
To remove all applied Wi-Fi filters, run the following command:
netsh wlan delete filter permission=denyall networktype=infrastructure
If the command is successful, the following message appears:
The filter is removed from the system successfully.
There’s an interesting feature – if the computer administrator uses filters to restrict user access to wireless networks, a standard PC user can view a list of all currently available wireless networks with the command:
netsh wlan set blockednetworks display=show
Blocked networks will be marked with a red “x” icon and you won’t be able to connect to them.
The filtering techniques described above for access to Wi-Fi networks also work in Windows 7/Vista.