Quantcast
Channel: Group Policy forum
Viewing all articles
Browse latest Browse all 19997

Disable "Connect Automatically" Wi-Fi option via Group Policy

$
0
0

I have recently been given the task of addressing an audit finding as follows:

Finding WIF02 Ad-hoc Wireless Client Probes
While conducting a “war-walk” exercise multiple laptops were found to be searching for the last associated access point (SSID). These are typical signs of client wireless cards that are enabled and actively hunting for a wireless connection. Since the device could not connect to the corporate wireless solution, potentially due to an authentication issue, it reverted to the last access point it associated with. These types of ad-hoc wireless probes can lead to client-to-client or “evil-twin” attacks for any attacker within range of the probing client. “Evil Twin” attacks mimic access point SSID’s that clients have previously connected to. The client then connects to the “evil-twin” network which may include internal network traffic as well as public Internet requests (dependent upon the configuration and scenario).

From my interpretation, the only remediation to this would be to disable the "Connect Automatically" option for "remembered" Wi-Fi networks.  Is there any way to effectively disable this for all domain machines using group policy?  This would force users to explicitly connect when a Wi-Fi network when it's in range.

Thanks in advance to anyone who can help! :)


Viewing all articles
Browse latest Browse all 19997

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>