none
Disable WIFI connection with GPO when network cable is plugged

    General discussion

  • Hello all,

    I want to disable the WIFI connections on users laptop whenever the user is connected to the LAN with the ethernet cable.

    - WIFI should be enabled when the cable is not plugged.

    - WIFI should be disabled when the cable is plugged.

    Can this be done via GPO?

    Any logon scripts that can be triggered to check the device manager for plugged network cable then enabling and disabling the WIFI.

    The whole idea is users should be prevented to use WIFI at the office but WIFI should be enabled when they move outside the office.

    Wednesday, April 24, 2013 10:55 AM

All replies

  •  
    > I want to disable the WIFI connections on users laptop whenever the
    > user is connected to the LAN with the ethernet cable.
     
    You need hardware that supports this function - it's not possible via
    GPO. But remember - nobody can restrict your users to simply pull out
    the plug while inside the building ;-)
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Wednesday, April 24, 2013 2:42 PM
  • Hello Martin,

    I have come around this interesting link: http://superuser.com/questions/112585/how-can-i-disable-wifi-when-computer-is-connected-to-lan-with-wire-using-gpo

    Grateful to have your views....

    Thursday, April 25, 2013 5:25 AM
  •  
    > I have come around this interesting link:
    >
    >
    > Grateful to have your views....
    >
     
    Here they are ;-)
     
    You asked for a solution through GPO - that's impossible. Scripts
    running in SYSTEM context can do almost everything, but they are out of
    scope for this forum. Easiest way still is having hardware support.
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Thursday, April 25, 2013 7:52 PM
  • Great that this is easy now as long as you have a domain and windows 8+ with the following GPO setting:

    Computer Configuration=> Policies=> Administrative Templates=> Network=> Windows Connection Manager=> Prohibit connection to non-domain networks when connected to domain authenticated network

    This has the desired effect of disabling wifi connections (obviously at software level) when the machine detects it has a LAN connection and can see the domain the computer is a member of.

    Cheers

    Wednesday, October 22, 2014 2:41 AM
  • Did you have any luck finding a solution? 

    This is a huge annoyance, Why anyone thought it was good design to have 2 IP addresses assigned to one User system in a domain is nuts! Windows XP had it right!

    Thank you in advance! :) 

    Monday, February 23, 2015 7:20 PM
  • Did you have any luck finding a solution? 

    This is a huge annoyance, Why anyone thought it was good design to have 2 IP addresses assigned to one User system in a domain is nuts! Windows XP had it right!

    Thank you in advance! :) 


    Is a shortage of IPs the driving force behind this?

    CRM Advisor

    Monday, February 23, 2015 9:57 PM
  • have you checked out the local computer policy (or GPO)?

    admin templates, Network, Windows Connection Manager:

    if these are domain joined (sounds like it): Prohibit connection to non-domain networks when connect to domain authenticated network - enabled

    workgroup (or domain) computers: Minimize the number of simultaneous connections to the internet or a windows domain - enabled, and then set the Ethernet adapter as the most preferred connection. for this probably use powershell: Get-NetIPInterface and Set-NetIPInterface (interface metric property)

    Wednesday, August 19, 2015 4:27 PM
  • But - just because LAN connection is identified as domain connection it doesn't mean that the WIFI is then considered "non-domain" does it, especially if the WIFI connection is part of the domain as well?  Unless, we're just talking about guest WIFI in the office. 


    Computer Configuration=> Policies=> Administrative Templates=> Network=> Windows Connection Manager=> Prohibit connection to non-domain networks when connected to domain authenticated network

    This has the desired effect of disabling wifi connections (obviously at software level) when the machine detects it has a LAN connection and can see the domain the computer is a member of.

    Cheers


    Wednesday, September 7, 2016 6:04 PM
  • Worked for what I needed.

    Our Wifi is not part of our LAN, so this drops the connection when the LAN is detected.

    Which accomplishes exactly what is needed, don't allow a machine to be connected to the corporate LAN, and the public WiFi at the same time.

    Or at least what I needed.

    Thursday, March 23, 2017 10:40 PM
  • So, is this valid for Windows 7 and 10 also?

    How does it detect AD? I mean its just ping??? From security perspective....What if someone connects Wi-Fi to Guest network having machine with same IP as of AD (on LAN).....Will that Wi-Fi be considered as corporate???

    Thursday, June 8, 2017 7:10 PM
  • You need hardware that supports this function - it's not possible via
    GPO. But remember - nobody can restrict your users to simply pull out
    the plug while inside the building ;-)
     
    Whether it is possible using GPO is one thing but doing it in hardware does not make sense to me. At the hardware level network interfaces do not communicate.


    Sam Hobbs
    SimpleSamples.Info

    Thursday, February 1, 2018 8:46 PM