Windows Server 2016 is an integral operating system by means of which we can carry out hundreds of administration tasks, whether or not parameterization is one of the most used..
Windows Server 2016 has the group policies which allow us to carry out special configurations on elements at the user level, equipment or hardware within the organization in a simplified way, since when editing or creating a new policy it will be replicated to All the teams and users of the organization without having to go team by team performing the task.
One of these administrative tasks, rarely used, is associated with Wi-Fi networks, that is, providing access to Wi-Fi networks or not, and although this seems a little relevant issue it really is not, since networks Wi-Fi are susceptible to attacks due to the operation of their network which can be detected by an attacker and, with the appropriate tools, access the organization's local network and carry out attacks that can create a high impact on the administration ..
Today at TechnoWikis we will analyze how to create a group policy on the entire Wi-Fi networks issue.
1. How to access administration tools in Windows Server
To start the management process we will have to perform the following steps: We go to the "Server Administrator" utility, from here we go to the "Tools" menu and there we select the "Group Policy Management" option:
2. How to create GPO group policy in Windows Server
Step 1
In the new window that will be opened, we will go to our forest, display the domain options and right click on the "Group Policy Objects" folder and select the "New" option:
Step 2
The following pop-up window will be displayed where we will assign the desired name for the new policy. Click on "Accept" to create the new policy.
3. How to edit GPO group policy in Windows Server
Step 1
Now, click on the "Group Policy Objects" folder, locate the policy we have created and right click on it by selecting the "Edit" option:
Step 2
This will display the following window where we will go to the next route:
There, we will locate the policy called Wireless Network Policies (IEEE802.11), we will right click on it and see the two options:
Option 1
Create a new wireless network policy for Windows Vista and later versions: This option should be used when the computers where this GPO is to be applied have at least Windows Vista, Vista, Windows 7, Windows 8 and Windows 10.
Option 2
Create a new Windows XP policy: We must use this option when only Windows XP computers will be managed.
In this case we select the first option:
Step 3
The following window will be displayed where we will enter a name for the new policy. There we can define more values ​​if we wish, based on the requirements of the organization.
Step 4
Now, we go to the "Network permissions" tab where it will be possible to allow access to the available Wi-Fi networks or not, these can be detected automatically or entered manually.
There we have the following options to consider:
Option 1
Prevent connections to ad hoc networks: An ad hoc network does not have infrastructure and are generally designed between two or more teams to transfer information.
Option 2
Prevent connections to infrastructure networks: These networks have a network device that manages your connection, modem, router, etc., so preventing this connection will prevent all types of connection, both local and mobile.
Option 3
Allow the user to view denied networks: This option allows the user to see the name of the active Wi-Fi network but its connection to it is not possible.
In this case, we will activate the "Prevent connections to ad hoc networks" box and click on the "Add to manually add the Wi-Fi network" button where access will be prevented..
In the window that will be displayed we must define
- SSID, or Wi-Fi network name
- Select the type of network, ad hoc or Infrastructure
- Define the type of permission, deny or allow
Note
The name of the Wi-Fi network must be as it appears on the Wi-Fi networks available on the client computers.
Once these values ​​have been defined, click on the "Accept" button:
Step 5
We will see the network added in the policy created. There we can add the desired Wi-Fi networks. Finally, click on the "Apply and Accept" button to save the changes.
4. How to create a policy link to the domain in Windows Server
We have created the policy in the "Group Policy Objects" section and we will need to link it to the domain in order for this policy to be applied to all computers in the domain.
Note
This policy can also be linked to any existing OU in the domain structure.
Step 1
For this, we will right click on our domain and select the option "Link an existing GPO":
Step 2
The following window will be displayed where we will select the previously created policy. Click on "Accept" to create the link.
Step 3
We will see our linked GPO:
Step 4
There, we will go to the "Details" tab and display the options in the GPO Status field and select the "User configuration disabled" line:
Step 5
The following message will be displayed: Click on "Accept" to confirm it
Step 6
We will see that this disabling has been applied:
Step 7
Finally, we can go to some client computer to validate and there we access the command prompt console and execute the following line:
gpupdate / force
In this way we will prevent users from having the possibility of accessing a Wi-Fi network within the organization and thus adding various levels of security in our company.
