5.11 Wireless Policy

The Wireless policy lets you control wireless access. The available settings depend on whether the policy is a global policy or a location-based policy.

5.11.1 Global Policy Settings

A global Wireless policy lets you disable wireless connectivity. If you want to allow wireless connectivity but control available access points and security levels, you must use a location-based policy.

The following settings are available for a global Wireless policy:

  • Disable Ad Hoc wireless connections: Select this option to disable the Ad-Hoc mode for wireless connections. This eliminates all peer-to-peer wireless connections.

  • Block wireless connections: Select this option to block all wireless connections. Connections are blocked but the wireless adapter remains active in case you want to use wireless access points to determine location. To completely disable wireless adapters, use the Communication Hardware policy.

5.11.2 Location-Based Policy Settings

A location-based Wireless policy lets you control connectivity to wireless access points. If you want to completely block all wireless connectivity, you should use a global Wireless policy.

Wireless Access Point List

You can use the Wireless Access Points list to control connections to access points. The list works as follows:

  • You can add approved access points and prohibited access points. Prohibited access points are filtered out of the wireless network connection display; if a user manually connects to a prohibited access point, the connection is blocked.

  • All access points are approved (default approval) until you add one approved access point to the list (explicit approval). At that point, the default approval is ignored and only explicitly approved access points are allowed.

  • Prohibited access overrides approved access. For example, assume that you have multiple access points that share Novell as the SSID. You create an approved access point definition using Novell as the SSID, which results in all access points that share the Novell SSID being allowed. However, there is one Novell access point you want to prohibit. You create a prohibited access point definition using the access point’s MAC address. Based on its SSID and MAC address, the access point matches both definitions (approved and prohibited). Prohibited access overrides approved access, so connection to the access point is prohibited.

The following table provides instructions for managing access points:

Task

Steps

Additional Details

Add a new access point

  1. Click Add > Create New.

  2. Fill in the following fields to define the access point:

    Name: Specify a name to identify the access point in the ZENworks system.

    SSID and MAC Address: The SSID and the MAC Address are the two fields used to determine if a detected access point matches this definition. You must fill in at least one of the fields.

    Multiple access points can share the same SSID. If you fill in the SSID field, any access point that uses that SSID is matched. The SSID is case-sensitive.

    If you want to identify a specific access point, enter the MAC address. Each access point has a unique MAC address.

    Enforcement: Select whether the access point is prohibited or approved.

  3. To define another access point, select Define another access point.

  4. Click OK to add the access point to the list.

 

Copy an access point from another policy

  1. Click Add > Copy Existing.

  2. Select the Wireless policies whose access points you want to copy.

  3. Click OK.

All access points included in the selected Wireless policies are copied. If necessary, you can edit the copied access points after they’ve been added to the list.

Import an access point from a policy export file

  1. Click Add > Import.

  2. Click to display the Select File dialog box.

  3. Click Browse, select the export file, then click OK.

  4. Click OK to add the access points to the list.

All access points included in the export file are imported. If necessary, you can edit the imported access points after they’ve been added to the list.

For information about exporting access points, see Export an access point.

Edit an access point

  1. Click the access point name.

  2. Modify the fields as desired.

  3. Click OK.

 

Export an access point

  1. Select the check box next to the access point name.

    You can select multiple access points to export.

  2. Click Edit > Export.

  3. Save the file.

    The default name given to the file is sharedComponents.xml. You can change the name if desired. Do not change the .xml extension.

 

Delete an access point

  1. Select the check box next to the access point name, then click Delete.

  2. Click OK to confirm deletion of the access point.

 

Minimum Security

Select the minimum security protocol that an approved access point must provide before a connection is allowed. For example, if you select WPA, only approved access points that provide WAP or WPA2 encryption are allowed.

Approved access points that fall below the minimum security level are not displayed in the device’s wireless network connections list when detected. If a user tries to manually define a connection to the access point, the connection is blocked.

Minimum Security Message

This option lets you display a message when a wireless connection is blocked because the access point does not meet the minimum security requirement.

Select the option, then fill in the following fields:

  • Title of Message Window: Specify the Message Window’s title.

  • Body: Provide the text for the message body.

  • Message Hyperlink: If you want to include hyperlink, select Include message hyperlink, then enter the display text for the hyperlink and the link command.