We're having issue in the Meraki group policy that when we run a PDQ, our tool for mass application and configuration deployment, Meraki sees the service account as the current user. This overrides the content filter policy applied to a particular user's group to the default network policy.
Our default content filtering policy is allowing google.com and we have a policy created that blocks all content.
I have a user that's a member of a security group in AD that's mapped to the Meraki Dashboard group that blocks all content which we call Debug-I. When the user logs in to a Windows Machine, in the event log we can see the domain authentication with the correct group on the Windows Machine. However, once we run PDQ, our tool for mass application and configuration deployment, Meraki sees it as the current user and changes the policy from Debug-I to the default content filtering even though the user hasn't logged out of that Windows machine.
Has anyone faced same or similar issue? How did you overcome it?
Hi @rlat. This is due to Meraki reading the WMI events for users that login/out of the server. This is an unfortunate con in AD integration with WMI. I have this issue with Cisco Umbrella as well. Because WMI is reading the last user login or configuration event, it will always go with the last user account that has logged in or is in use with the server. The best way to lock this down would be to create an access policy tied to the server or server IP address and make sure that policy supersedes other user policies. This way only the server policy works and not the user policy. Here is what Umbrella support provided me. Same issue applies with Meraki AD integration.