Write an access log.
Find MAC connected more than N times per month.
Block.
PS You can make an authorization to receive wifi through social networks - and know who to fine according to the results)
, I just thought - and I realized that I don’t understand the meaning of such a ban.
Now mobile internet is fast. if employees want to suffer garbage, they will suffer garbage through 3g / 4g / lte. Wifi is not needed for this at all.

It means this:
1) Scan employees at the entrance with a metal detector and select all the equipment at the entrance.
2) If the employee was helped from the “freedom” and brought the mobile phone by friends / relatives, put a specially trained person to watch this on the cameras.
3) It is even better to handcuff employees to their workplaces so that they are always in sight and cannot use Wi-Fi where they are not visible from the cameras.
4) Go to the toilet in the presence of a specially trained Wi-Fi controller.
5) Just in case, I recommend shooting through the corridors.
6) Take away the passports of all employees so that they can’t quit nafig from such an organization
If that was all sarcasm and I point blank I don’t understand such moronity not at a secure enterprise, what a habit to evaluate the productivity of an employee not by financial indicators, but by some idiotic parameters like I didn’t use Wi-Fi, left later than everyone else, doesn’t waste time on a smoking room , eats faster than anyone, etc.

In addition to the administrative impact, I can suggest:
1. Turn off WiFi on employees' devices
2. Block by poppies on the router.
In general, there is not enough initial data ...

What about the meaning? Well, the employee will not use Wi-Fi, but mobile Internet.
But if you really want to, reduce the transmitter power or put a directional antenna in the direction where you want to spread the signal. Or put another point with the same SSID closer to employees and do not connect it to the Internet. Employee devices will connect to it, but there will be no Internet.
If it does not allow geographically, you will have to look for the MAC addresses of employees (and these are, as a rule, those who are connected for a long time) and block them.

I am also talking about the electronic queue, but in a different way.
1. the password on the AP changes once every N times (average waiting time in the queue * 1.5)
2. printed on a ticket. You need to understand that there will be several passwords working simultaneously.
Actually, everything. A few passwords then, so that it does not happen that the person just came, and his password expires in 2 minutes. I think that it is possible to make an individual password in general.
in this scenario, we get that the employee who wants Wi-Fi will have to regularly run for a ticket. It will be noticeable. In a situation where the client leaves the coupon, and the employee takes the password from it, it will not be so noticeable, but still - a matter of short time.
But in general, you can get confused by the MAC filter, of course.

I watched who appears online for more than three days a week - banim)))