Block Users from Seeing or Connecting to Other Wi-Fi Networks


The netsh utility can perform a number of useful administrative tasks. One of them is preventing users from accessing other Wi-Fi networks, which hardens security: an unauthorized connection to such a network can result in an uncontrolled data leak.

The technique described here works in Windows Server 2008 or Vista. To see the list of enabled filters, run the following command:

netsh wlan show filters

You can block unwanted connections to an outside network by creating a filter. The syntax is:

netsh wlan add filter permission={allow|block|denyall} ssid=NETWORKNAME networktype={infrastructure|adhoc}

The 'denyall' value doesn't require an ssid parameter. It blocks all infrastructure or ad hoc networks while retaining the ability to connect to the networks you have explicitly allowed.

To remove an existing filter run this:

netsh wlan delete filter permission={allow|block|denyall} ssid=NETWORKNAME networktype={infrastructure|adhoc}

(just use the same parameters used when creating a filter).

Finally, to either hide or display the blocked networks on the Connect to a Network dialog, run this:

netsh wlan set blockednetworks display={show|hide}

The 'hide' value is the most useful choice in most cases.
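The commands above combined into an allow-list policy, as an added example that is not part of the original post: approved networks are allowed first, everything else is denied, and blocked networks are hidden. The SSID names and the Invoke-Netsh helper are assumptions made for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example: allow-list Wi-Fi policy built from the netsh wlan filter commands.
# SSIDs below are placeholders (assumptions); replace them with your approved networks.
# Names without spaces are used to avoid quoting issues when passing ssid= to netsh.
$AllowedSsids = @('CORP-WIFI', 'CORP-GUEST')

# Hypothetical helper: run netsh and stop the script if it reports a failure.
function Invoke-Netsh {
    param([string[]]$NetshArgs)
    $output = & netsh.exe @NetshArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($NetshArgs -join ' ') failed: $output"
    }
    $output
}

# 1. Add the allow filters first. If one of them cannot be added, the script
#    stops here, before denyall can cut the machine off from its own network.
foreach ($ssid in $AllowedSsids) {
    Invoke-Netsh @('wlan', 'add', 'filter', 'permission=allow',
                   "ssid=$ssid", 'networktype=infrastructure')
}

# 2. Deny every other network of both types (denyall takes no ssid parameter).
foreach ($type in 'infrastructure', 'adhoc') {
    Invoke-Netsh @('wlan', 'add', 'filter', 'permission=denyall',
                   "networktype=$type")
}

# 3. Hide the blocked networks in the Connect to a Network dialog.
Invoke-Netsh @('wlan', 'set', 'blockednetworks', 'display=hide')

# 4. Print the resulting filter list so the policy can be reviewed.
Invoke-Netsh @('wlan', 'show', 'filters')
```

To roll the policy back, run the matching netsh wlan delete filter commands with the same parameters.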


About this Entry

This page contains a single entry by Konstantin Boyandin published on December 2, 2009 5:27 PM.
