This Mini-How-To was created to help the Small Office/Home Office (SOHO) desktop or laptop computer system/network administrator configure the Windows 7 Operating System to block access to rogue or unencrypted wireless networks.
All users should use password protected accounts.
Most users should be configured as standard users.
Access to administrator accounts should be restricted and be protected by strong passwords.
Use the Windows 7 Parental Controls to configure when standard users can log on and use the computer and what programs or games the standard user can use while logged on.
Windows 7 netsh commands for wireless local area network (WLAN) provide methods to configure 802.11 wireless connectivity and security settings. Windows 7 netsh commands will work to both block wireless networks and to either hide blocked networks or if not hidden tell the user the network has been blocked by the administrator. Use these from the command line as an administrator.
Wireless desktop PC
administrators should see this
special
note.
Open the Commmand Prompt window by
going to Start > All Programs > Accessories > Command Prompt.
Right click on Command Prompt and select Run as administrator.
To block a network using netsh...
netsh wlan add filter
permission=block ssid=<ssid_to_be_blocked> networktype=infrastructure
Examples of netsh commands used to
block a neighbors unencrypted wireless network whose SSID is funbox...
netsh wlan add filter permission=block ssid=funbox networktype=infrastructure
To show the blockednetworks list...
netsh wlan
show filters permission=block
To hide blocked networks...
netsh wlan
set blockednetworks display=hide
Note the funbox network is no longer visable on the available wireless networks list.
To show blocked networks. If this
option is used the user will receive a message stating that connection to the
blocked network has been blocked by the system administrator...
netsh wlan
set blockednetworks display=show
To delete an entry in the
blockednetworks list...
netsh wlan delete filter
permission=block ssid=funbox networktype=infrastructure
Special note for wireless desktop PC users
Because a wireless desktop PC is not a mobile device you can perform a blanket denyall action then add your private wireless network to the allow list instead of individually needing to block each network one at a time.
netsh wlan add filter permission=denyall
networktype=infrastructure
netsh wlan set blockednetworks display=hide
netsh wlan add filter permission=allow ssid=Your_SSID networktype=infrastructure
All nearby wireless networks will be blocked and hidden while you will
still be able to connect to your private network, ie. the only one listed in the
available networks list.
| Last reviewed: 20 November 2009...awj Copyright © 2009 - Alan W. Jarvi - All rights reserved The Microsoft MVP Program |
 |