# [10.4] prevent regular users from modifying wireless settings



## finger (Jul 6, 2008)

Hi,

I'm trying to setup a guest account on my iMac G5 (10.4) and the only problem left ist the airport icon on the right side of the top bar. It seems that every user is able to reassociate the iMac to a different wireless network. Is there a way to configure the airport settings globally?

I know that the icon can be removed but that's not what I'm looking for since it's easy to make the thing reappear again.


Thanks,

finger


----------



## ElDiabloConCaca (Jul 6, 2008)

Under Leopard, in the System Preferences under "Security," there's an option for "Require password to unlock each System Preferences pane."  I believe it's the same (or similar) under Tiger.

Enabling this option along with removing the AirPort icon from the menubar should prevent any normal user from modifying the wireless settings without knowledge of the admin password.


----------



## finger (Jul 6, 2008)

No effect.

Thanks anyway.


----------



## DeltaMac (Jul 6, 2008)

Do you want the guest account to NOT use wireless at all? 
What is your goal with this?


----------



## finger (Jul 6, 2008)

DeltaMac said:


> Do you want the guest account to NOT use wireless at all?



Did I say that?

I would like to configure the wireless interface globally which means the following: the admin creates the configuration (SSID, WPA-PSK, IP address..) and all the other users may use but not modify it.

That's how OSX deals with wired network interfaces AFAIK.


----------



## Satcomer (Jul 7, 2008)

Do all the users have Admin accounts on the machine? I ask because YOU as the Admin should only give the users STANDARD accounts. Then as Admin go into each account and set up the wireless. When done click on the lock in the left bottom corner to lock it. you have to  do this on each account you want to have access to wireless. Then when a STANDARD user logs into their account the have to have an Admin password to open the lock you the Admin put on the Network setup. Easy!

Now is you want more control then you will need to have a server with the accounts on that.


----------



## finger (Jul 7, 2008)

Satcomer said:


> Do all the users have Admin accounts on the machine?



Only the user `admin' is able to administer the machine. User `guest' is a regular user.


----------



## finger (Jul 7, 2008)

Oops, I answered too early.



Satcomer said:


> Do all the users have Admin accounts on the machine? I ask because YOU as the Admin should only give the users STANDARD accounts. Then as Admin go into each account and set up the wireless. When done click on the lock in the left bottom corner to lock it. you have to  do this on each account you want to have access to wireless. Then when a STANDARD user logs into their account the have to have an Admin password to open the lock you the Admin put on the Network setup. Easy!



Hmm.. I can't see any locks when clicking on the wireless button.. (see attachment)


----------



## DeltaMac (Jul 7, 2008)

The 'lock' is on your System Preferences/Network pane.

I don't think you can prevent someone from using a different wireless network, if they can successfully connect, and the password (if any) is known.

You can't really compare a wireless connection to a wired connection. The user doesn't need to know about any security setup when using a wired connection. The Wireless can be setup so it's quite difficult to connect, if you have a closed SSID, and a hard-to-remember pass-phrase. If an open wireless network is available simply by choosing from the menu, with no password, and a strong signal - I would do that, too! Perhaps you are making the connection process more difficult that you need!


----------



## finger (Jul 7, 2008)

Is it possible that the wireless-icon on the top bar belongs to some *.app? Then one could easily _chmod o-x_ it..


----------



## Satcomer (Jul 7, 2008)

finger said:


> Oops, I answered too early.
> Hmm.. I can't see any locks when clicking on the wireless button.. (see attachment)



If you go to System PReferences->Network, Airport tab. There you can assign the wireless network and turn *off* the menu item. Then when you as ADMIN lock the System Preferences->Network setup no regular user will be able to change it. Too easy.


----------



## finger (Jul 10, 2008)

Satcomer said:


> If you go to System PReferences->Network, Airport tab. There you can assign the wireless network and turn *off* the menu item. Then when you as ADMIN lock the System Preferences->Network setup no regular user will be able to change it. Too easy.




Ok, I still don't get it. Here is the screenshot. Please point at the thing I can't see..


http://img514.imageshack.us/img514/7855/wlanqs9.jpg


----------



## Kees Buijs (Jul 15, 2008)

I think i know what the issue is (though i have no solution).


You can LOCK out users from changing the network settings (like switching from wireless to wired etc).

Selection a wireless network is not part of the NETWORK pane and can therefore not be locked.by locking the NETWORK pane settings.

The settings for ech wireless network can be different, thus the user must be able to chang the settings when selecting a wireless connection. So you need an option to prevent a user from selecting a wireless network.


Good luck, Kees


----------



## finger (Jul 15, 2008)

Kees Buijs said:


> I think i know what the issue is (though i have no solution).
> 
> 
> You can LOCK out users from changing the network settings (like switching from wireless to wired etc).
> ...



Exactly, you just won 10 points! 

Well, I tried Leopard (10.5.4) and in Leopard you are able to restrict wireless-changes to administrators only. Can't remember the name of the option but I'm pretty sure it was somewhere under `security' or `network'.

Solved for 10.5, no solution for 10.4.


----------

