Disable the Wireless Hosted Network or Virtual AP Feature

by Eric Geier [Published on 26 July 2011 / Last Updated on 2 Aug. 2010]

Prevent users from knowingly or unknowingly hosting a virtual wireless access point (AP).

Microsoft added a new virtual or soft access point (AP) feature to Windows 7, which lets users create and host a Wireless Hosted Network. Network adapters can act as a wireless router or AP, even when connected to another Wi-Fi network.

This might be cool to some; however it can be a great way for users to knowingly or unknowingly open your network up to unauthorized users. It’s just like someone plugging in a rouge AP. Wireless Hosted Networks are automatically encrypted with WPA2, but you still don’t have control of the connection, and the host can give out the encryption key.

You can, however, prevent users from creating these hosted networks via Group Policy:

  1. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Wireless Network (IEEE 802.11) Policies.
  2. Create a new group policy or modify an existing one.
  3. Select the Network Permissions tab and in the Windows 7 Policy Settings, select the "Don't allow hosted networks" checkbox.

Featured Links