Delete a saved WiFi SSID

Content Authoring
1

I need to detect if a WiFi SSID is configured on systems, and if so, remove it so that the computer will no longer attempt to connect to it.

This is needed because an existing SSID is being decommissioned.

I have done some investigation into this in the past, but never took the step of removing it.

I’m not completely certain if SSIDs are always a computer level setting, or if they are also a user setting, which would make the removal more complex.

Related:

References:

Locations:

  • c:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\
  • HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\

Commands:

  • netsh wlan delete profile NameOfWirelessProfile
  • netsh wlan delete profile name=“NameOfWirelessProfile
  • netsh wlan show profiles
2

As an alternative if you can’t figure it out on the Windows side… It looks like you can set an SSID blacklist in Windows via group policy:

I think from there you should be able to identify what registry keys/files this GPO is changing and push those settings via a fixlet and just blacklist the SSID itself.

1 Like
3

Thanks, that is useful.

I wasn’t even thinking of not just deleting the existing profile, but also preventing any future connections to it, which is potentially even better.

4

Relevance:

unique values of (it as string) of (values "Description" of it; values "ProfileName" of it) of keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" of (x64 registries; x32 registries)

.

unique values of (it as string) of (values "Description" of it; values "FirstNetwork" of it) of keys of keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures" of (x64 registries; x32 registries)

.

unique values of (preceding text of first "." of it | it) of names of keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet" of (x64 registries; x32 registries)

.

unique values whose(it != "") of (it as string as trimmed string) of (values "DhcpDomain" of it; values "Domain" of it) of keys of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" of (x64 registries; x32 registries)

.

node values of selects "/WLANProfile/name/text()" of xml documents of files whose(name of it as lowercase ends with ".xml") of folders of folders "C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces"

.

unique values of node values of (selects "/WLANProfile/name/text()" of it; selects "/WLANProfile/SSIDConfig/SSID/name/text()" of it) of xml documents of files whose(name of it as lowercase ends with ".xml") of folders of folders "C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces"

These are the signs of the a network I could find on a Windows 10 machine.

5

I created an analysis here: https://bigfix.me/analysis/details/2994819

Session relevance to grab the list of SSIDs found on all systems:

unique values of values of results of bes properties "WLAN Profile & SSID names"
6

The relevance includes WinXP which I think is not correct, but otherwise this seems to work:

https://bigfix.me/fixlet/details/6171

Need to do some more testing.