I found an article in which the information about the problem to change the location when client has installed the vmware adapter and when as criteria is set connection type "Ethernet".
http://www.symantec.com/connect/ideas/sep-11x-location-awareness-detecs-vm-ethernet-adapters-real-adapters#comment-6448751
So I disabled vmware network adapter and nothing has changed. Then unistall vmware network adapter and still the same: client can connect to wireless when ethernet is active.
I know there is another option to block the wireless network using Device blocking rule. It works almost like I expected. Namely, when the ethernet card is active the wifi card is blocked. In contrast, when the ethernet card is disabled, the wifi card can not be enabled and thus client can not switch to "wireless" location. I had to add a third location ("non-ethernet") when as criteria is: If the client computer does not use the network connection type specified below: Ethernet. After turning off the ethernet card, SEP switch to this "non-ethernet" location, then connects to the wireless network and switch to "wirelless".
Problem is for me to get device id of all computers and update them later. Whether it can be done remotely?
Has anyone successfully implemented a blocking traffic to a wireless network, and could share your comments?
I will be grateful for any suggestions in this regard.