none
Disable Bluetooth and Wireless by using group policy RRS feed

  • Question

  • Hi all,

    A customer asked me to disable all wireless and bluetooth devices on every laptop of the company. I could see that windows do not allow to disable bluetooth and Wireless natively by group policy. I can disable devices from device manager, but I have to go to every machine to do this. Do somebody know a way to solve this with less administrative effort? Thank you very much.


    Monday, August 15, 2011 3:42 PM

Answers

  • Hi dgimenez1983,

    Isn't easier for your client to buy computers with no Wi-Fi and bluetooth ? If you are talking about laptops instead of computers, well, ask him first if he really wants the Wi-Fi and Bluetooth disabled ANYWHERE the laptop is or only while in his LAN.

    If he wants to disabled it ONLY on his LAN, then the 3rd party tools is the way to go. And yes, tell him that sometimes, to eat an omlet, you have to break some eggs. Like him spending some money in 3rd party tools that will respond to his demands. GPO are good for a lot of things, but not for ALL things.

    If he wants to disable Wi-Fi and Bluetooth for good, use the information I gave you about the GPP Services and disable the Bluetooth Support Service (BthServ) for Bluetooth and the Wireless Zero Configuration service for WiFi.

    P.S. There are ways to circumvent a GPO (especially for laptops that go out of the network), so you better tell your customer to invest some money in 3rd party tools.


    " Never panic before reboot ! "





    Tuesday, August 16, 2011 9:46 PM
  • Hi,

     

    In addition to the above suggestions, please refer the following links to configure the group policy to disable Bluetooth:

     

    How to disable Bluetooth device per security group via GPO or logon, WMI or vbs scripts?

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/ad0b44c2-437c-449e-8a4b-5db55254108f/

     

    Restrict Bluetooth File Transfer

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/0a04b41b-05a8-4d7b-9ae0-212137cc4af7/

     

    When you use Group Policy management functionality in System Center Mobile Device Manager 2008 to disable a Bluetooth profile, the profile is not disabled

    http://support.microsoft.com/kb/954026

     

    Hope this helps!

    Wednesday, August 17, 2011 6:42 AM
    Moderator

All replies

  • Hi,

    You may check this one in what is for disabling Wi-Fi by GPO : http://www.wirelessautoswitch.com/. It is a great product and I use it for my laptops and it's not that expensive.

    For Bluetooth devices, try this : http://technet.microsoft.com/en-us/library/dd252791.aspx. I didn't test it though. You may also try to use GPP Services to disable the Bluetooth Support Service (BthServ)


    " Never panic before reboot ! "



    Monday, August 15, 2011 6:13 PM
  • I could see that I can disable devices through renaming drivers files. Is there any way to do this from AD to all notebooks of the company?

    Tuesday, August 16, 2011 3:09 PM
  • Hi,

    I think you can manage doing this using a startup script.


    " Never panic before reboot ! "





    Tuesday, August 16, 2011 3:16 PM
  • Hi,
    There is no Group Policy to directly do such. What "may" help if you have
    Windows 2003 domain controllers is to configure Group Policy/computer
    configuration/Windows settings/security settings/wireless network to allow
    use of only preferred network with 802.1X EAP for smart card/certificate for
    a non existent wireless network.

    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!
    Tuesday, August 16, 2011 4:05 PM
  • Hi,

    You can check a software named DeviceLock which helps you in managing Bluetooth and Wireless devices and there is option of Whitelisting

    http://www.devicelock.com/

     

    Tuesday, August 16, 2011 4:09 PM
  • My customer does not want to buy any software to do this. I thought that it could be resolved by renaming drivers files (inf), but I forgot that I have to disable devices from device manager too. Is there any way to disable devices from device manager by running a script?
    Tuesday, August 16, 2011 6:40 PM
  • Hi dgimenez1983,

    Isn't easier for your client to buy computers with no Wi-Fi and bluetooth ? If you are talking about laptops instead of computers, well, ask him first if he really wants the Wi-Fi and Bluetooth disabled ANYWHERE the laptop is or only while in his LAN.

    If he wants to disabled it ONLY on his LAN, then the 3rd party tools is the way to go. And yes, tell him that sometimes, to eat an omlet, you have to break some eggs. Like him spending some money in 3rd party tools that will respond to his demands. GPO are good for a lot of things, but not for ALL things.

    If he wants to disable Wi-Fi and Bluetooth for good, use the information I gave you about the GPP Services and disable the Bluetooth Support Service (BthServ) for Bluetooth and the Wireless Zero Configuration service for WiFi.

    P.S. There are ways to circumvent a GPO (especially for laptops that go out of the network), so you better tell your customer to invest some money in 3rd party tools.


    " Never panic before reboot ! "





    Tuesday, August 16, 2011 9:46 PM
  • Hi,

     

    In addition to the above suggestions, please refer the following links to configure the group policy to disable Bluetooth:

     

    How to disable Bluetooth device per security group via GPO or logon, WMI or vbs scripts?

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/ad0b44c2-437c-449e-8a4b-5db55254108f/

     

    Restrict Bluetooth File Transfer

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/0a04b41b-05a8-4d7b-9ae0-212137cc4af7/

     

    When you use Group Policy management functionality in System Center Mobile Device Manager 2008 to disable a Bluetooth profile, the profile is not disabled

    http://support.microsoft.com/kb/954026

     

    Hope this helps!

    Wednesday, August 17, 2011 6:42 AM
    Moderator