How to Create an Icon to Switch Wireless Networks on Windows Modern Lockdown Without Exiting
Summary
Situation
Windows Modern devices enrolled in SOTI MobiControl and using a Lockdown configuration may require you to switch between two SSIDs (Service Set Identifier) without needing administrator access. However, adding settings directly to Lockdown is not possible on Windows, as it is a UWP application.
To achieve this, you must modify the Lockdown template, adding two icons that will allow switching between networks, and associating these icons with scripts that change the networks.
Important:
- This solution assumes that the device has already connected to both networks in the past, and therefore has saved WLAN (Wireless Local Area Network) profiles for both SSIDs.
- If the device has not connected to one of the networks, you will need to create a WLAN profile first. Once the profile is created, the steps in this article apply. See the Wireless profile samples document on how to create an XML file with the Wi-Fi configuration and import it as a profile.
Environment
Windows 10 and SOTI MobiControl 2024.1.2
Process Description
Note: Test on a single test device before applying the same configuration in production. Refer to Microsoft documentation if any changes to the script are required.
1. Create the PowerShell script required for this process:
# Define the SSID to check
$TARGET_SSID = "SSID_profile_name"
# Get the current Wi-Fi network (pattern is anchored so the BSSID line is not matched as well)
$connectedSSID = (netsh wlan show interfaces | Select-String -Pattern '^\s*SSID\s*:' | ForEach-Object { $_.ToString().Trim() }) -replace '^SSID\s*:\s*', ''
# Check if the current SSID matches the target SSID
if ($connectedSSID -eq $TARGET_SSID) {
    Write-Output "Already connected to $TARGET_SSID."
} else {
    Write-Output "Not connected to $TARGET_SSID."
    Write-Output "Attempting to connect to $TARGET_SSID..."
    # Connect to the target SSID using its saved WLAN profile
    netsh wlan connect name="$TARGET_SSID"
    Write-Output "Connecting to $TARGET_SSID..."
}
Note: Ensure the script is saved with the *.ps1 extension. Additionally, the script includes logic to verify if the device is connected to the desired network. This is important because, depending on the Group Policy Objects (GPO) settings, particularly if the customer has Active Directory configured, using the netsh wlan connect command may disconnect the user even if they are already connected to the desired Wi-Fi network. Before making any changes to the script, ensure that the behavior of this command is tested in the customer's environment.
2. Create a *.bat script to call the PowerShell script. In addition, include flags to avoid customer interaction with the terminal and bypass the execution policy. Create the *.bat similar to the following:
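@echo off
rem -File must be the last powershell.exe parameter: anything after the script path is passed to the script, not to PowerShell.
powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -File "C:\Users\ac\Desktop\Connection.ps1"
exit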
Note: Make sure to save this script with the *.bat extension.
3. Use File Sync to deploy the scripts to the Windows devices. If you're unsure how to do this, refer to the File Sync Doc document.
4. With both scripts on the computer, add the icons to the template and reference the script location. Below is an example of how to do this. If you modify the HTML template to include the icons and reference the script correctly, the result will be correct. After making these changes, apply the profile to the necessary devices.
5. After the lockdown profile is applied, when the user selects the icon, a prompt to run the file may display. Select Run to execute the script and switch the device to the desired network.
Verification and Validation
If adjustments are needed to the behavior when connecting to the WLAN, refer to the Netsh Command Reference document for further details.
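To check the prerequisite from the Important note (saved WLAN profiles for both SSIDs) and to confirm which network the device is on after selecting an icon, the following PowerShell is an added example, not SOTI's code. The function names, the two placeholder profile names and the sample netsh output are constructed for illustration, and English-locale netsh labels are assumed.

```powershell
# Added example (not SOTI's code). Profile names are placeholders for the two SSIDs.
$RequiredProfiles = @('SSID_profile_name_A', 'SSID_profile_name_B')

function Get-SavedWlanProfile {
    # Extracts saved profile names from 'netsh wlan show profiles' output.
    param([string[]]$NetshOutput)
    foreach ($line in $NetshOutput) {
        # Assumes English-locale labels: "All User Profile : <name>" / "Current User Profile : <name>".
        if ($line -match '^\s*(?:All|Current) User Profile\s*:\s*(.+?)\s*$') { $Matches[1] }
    }
}

function Get-ConnectedSsid {
    # Extracts the connected SSID(s) from 'netsh wlan show interfaces' output.
    param([string[]]$NetshOutput)
    foreach ($line in $NetshOutput) {
        # Anchored at line start so the "BSSID : ..." line is not read as the SSID.
        if ($line -match '^\s*SSID\s*:\s*(.*?)\s*$') { $Matches[1] }
    }
}

function Test-WlanSwitchReadiness {
    # Reports required profiles that are not saved, and the SSID(s) currently connected.
    param([string[]]$Required, [string[]]$ProfilesOutput, [string[]]$InterfacesOutput)
    $saved = @(Get-SavedWlanProfile -NetshOutput $ProfilesOutput)
    [pscustomobject]@{
        Missing   = @($Required | Where-Object { $_ -notin $saved })
        Connected = @(Get-ConnectedSsid -NetshOutput $InterfacesOutput)
    }
}

# Constructed sample output for an off-device run; profile B is deliberately absent.
$sampleProfiles = @(
    'User profiles',
    '-------------',
    '    All User Profile     : SSID_profile_name_A'
)
$sampleInterfaces = @(
    '    State                  : connected',
    '    SSID                   : SSID_profile_name_A',
    '    BSSID                  : 00:11:22:33:44:55'
)
Test-WlanSwitchReadiness -Required $RequiredProfiles -ProfilesOutput $sampleProfiles -InterfacesOutput $sampleInterfaces

# On a test device, pass the live output instead:
# Test-WlanSwitchReadiness -Required $RequiredProfiles -ProfilesOutput (netsh wlan show profiles) -InterfacesOutput (netsh wlan show interfaces)
```

A non-empty Missing list means the corresponding icon's script has no saved profile to connect with, so the WLAN profile must be imported first.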