How to Disable Wi-Fi When Ethernet is Connected Using Group Policy

Launch the Group Policy Management Console on your domain controller to begin creating the policy that will manage Wi-Fi behavior.

gpmc.msc

Navigate to your domain structure in the left panel. You'll see your domain name, followed by organizational units (OUs) where your computers are located.

Create a dedicated GPO for managing Wi-Fi behavior. This keeps the policy organized and makes troubleshooting easier.

Right-click on the Organizational Unit containing your target computers and select Create a GPO in this domain, and Link it here. Name the GPO something descriptive like "Disable WiFi on Ethernet Connection".

For better targeting, configure Security Filtering to apply only to computers with Wi-Fi capabilities:

1. Select your new GPO in the right panel
2. Click the Scope tab
3. Under Security Filtering, remove Authenticated Users
4. Click Add and select specific computer groups or individual computers

Edit the GPO to access the specific policy setting that controls network connection behavior.

Right-click your newly created GPO and select Edit. This opens the Group Policy Management Editor.

Navigate through the following path:

Computer Configuration
├── Policies
    ├── Administrative Templates
        ├── Network
            └── Windows Connection Manager

The Windows Connection Manager folder contains policies that control how Windows manages network connections, including the priority between wired and wireless connections.

You should see several policy settings in the right panel, including "Minimize the number of simultaneous connections to the Internet or a Windows Domain" which is the key setting we'll configure.

Configure the main policy that automatically disables Wi-Fi when an Ethernet connection is established.

Double-click on Minimize the number of simultaneous connections to the Internet or a Windows Domain to open the policy configuration dialog.

Configure the policy as follows:

1. Select Enabled radio button
2. In the Options section, click the dropdown menu
3. Select 3 = Prevent Wi-Fi when on Ethernet
4. Click OK to save the configuration

This setting tells Windows to automatically disable Wi-Fi adapters when a wired Ethernet connection becomes active, preventing dual network connections that can cause routing conflicts.

The policy explanation shows: "This policy setting allows you to specify that computers should minimize the number of simultaneous connections to the Internet or to a Windows domain."

Add a supplementary policy to prevent connections to non-domain networks when connected to domain-authenticated networks, providing additional network security.

In the same Windows Connection Manager folder, double-click Prohibit connection to non-domain networks when connected to domain authenticated network.

Configure this policy:

1. Select Enabled
2. Click OK

This policy works in conjunction with the primary setting to ensure that when users are connected to the corporate network via Ethernet, they cannot simultaneously connect to external Wi-Fi networks that might bypass security controls.

The policy description explains: "This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time."

Close the Group Policy Management Editor and force an immediate policy update to test the configuration.

On the domain controller, open an elevated Command Prompt and run:

gpupdate /force

On target client computers, run the same command to immediately apply the new policy:

gpupdate /force

Alternatively, you can wait for the automatic Group Policy refresh cycle, which occurs every 90-120 minutes for client computers.

To verify policy application on client computers, run:

gpresult /r

Look for your GPO name in the "Applied Group Policy Objects" section under Computer Settings.

For detailed policy verification, use:

gpresult /h C:\GPResult.html

This creates an HTML report showing all applied policies and their settings.

Verify that the policy works correctly by testing the automatic Wi-Fi disabling behavior on a target computer.

On a test computer with both Wi-Fi and Ethernet capabilities:

1. Ensure the computer is connected to Wi-Fi initially
2. Connect an Ethernet cable to establish a wired connection
3. Wait approximately 20-30 seconds for the policy to take effect
4. Observe that the Wi-Fi connection automatically disconnects

Check the network status using PowerShell:

Get-NetAdapter | Where-Object {$_.Status -eq "Up"} | Select-Object Name, InterfaceDescription, LinkSpeed

This command shows only active network adapters. You should see only the Ethernet adapter listed when the cable is connected.

To monitor the connection changes in real-time, use:

Get-WinEvent -FilterHashtable @{LogName='System'; ID=10000} -MaxEvents 10 | Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap

For additional reliability or computers where GPO isn't sufficient, configure driver-level settings that provide hardware-based Wi-Fi disabling.

On target computers, access Device Manager:

devmgmt.msc

Navigate to Network adapters and locate the Wi-Fi adapter (usually contains "Wireless", "Wi-Fi", or "802.11" in the name).

Configure the adapter properties:

1. Right-click the Wi-Fi adapter and select Properties
2. Click the Advanced tab
3. Look for a setting named "Disabled Upon Wired Connect" or similar
4. If available, set the value to Enabled
5. Click OK

Not all Wi-Fi adapters support this feature. Common adapters that do include Intel Wireless adapters and some Realtek models.

For adapters without this option, you can deploy a PowerShell script via GPO startup scripts:

# Check if Ethernet is connected and disable Wi-Fi
$ethernetAdapter = Get-NetAdapter | Where-Object {$_.MediaType -eq "802.3" -and $_.Status -eq "Up"}
$wifiAdapter = Get-NetAdapter | Where-Object {$_.Name -like "*Wi-Fi*" -or $_.Name -like "*Wireless*"}

if ($ethernetAdapter -and $wifiAdapter) {
    Disable-NetAdapter -Name $wifiAdapter.Name -Confirm:$false
}

Establish monitoring procedures to ensure the policy continues working correctly and troubleshoot any issues that arise.

Create a monitoring script to check policy compliance across multiple computers:

# Check GPO application status
$computers = Get-ADComputer -Filter "OperatingSystem -like '*Windows 10*' -or OperatingSystem -like '*Windows 11*'" | Select-Object -ExpandProperty Name

foreach ($computer in $computers) {
    if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
        $result = Invoke-Command -ComputerName $computer -ScriptBlock {
            gpresult /r | Select-String "Disable WiFi"
        }
        Write-Output "$computer: $result"
    }
}

Common troubleshooting steps for policy issues:

1. Policy not applying: Verify GPO is linked to correct OU and security filtering includes target computers
2. Delayed application: Run gpupdate /force and restart the computer
3. Partial functionality: Check Windows version compatibility and ensure all Windows updates are installed

Use the Group Policy Results Wizard in GPMC for detailed troubleshooting:

1. Right-click "Group Policy Results" in GPMC
2. Select "Group Policy Results Wizard"
3. Choose the target computer and user
4. Review the generated report for policy application status