The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About jm_peterson
jm_peterson

jm_peterson

Getting noticed

Member since Aug 14, 2018

‎12-14-2020
Kudos from
User Count
PhilipDAth
Kind of a big deal PhilipDAth
3
Richard_W
Richard_W
1
alexis_cazalaa
alexis_cazalaa
1
Noah_Salzman
Meraki Alumni (Retired) Noah_Salzman
1
wperry1
wperry1
1
View All
Kudos given to
User Count
Baustinceltic
Baustinceltic
1
Levi_
Levi_
1
aws_architect
aws_architect
3
Richard_W
Richard_W
4
Noah_Salzman
Meraki Alumni (Retired) Noah_Salzman
1
View All

Community Record

25
Posts
9
Kudos
0
Solutions

Badges

1st Birthday
First 5 Posts
Lift-Off View All
Latest Contributions by jm_peterson
  • Topics jm_peterson has Participated In
  • Latest Contributions by jm_peterson

Re: Anyone else seeing Unverified Certificates

by jm_peterson in Mobile Device Management
‎12-14-2020 10:03 AM
1 Kudo
‎12-14-2020 10:03 AM
1 Kudo
My solution was to switch to a different MDM that didn't do things like this that made me want to rip my hair out every day.  ... View more

Re: System Manager USB lock?

by jm_peterson in Mobile Device Management
‎09-22-2020 02:23 PM
‎09-22-2020 02:23 PM
If you are just looking to block mass storage USB devices you can use the following profile <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadDescription</key> <string>Configures Allowed Media settings</string> <key>PayloadDisplayName</key> <string>Allowed Media</string> <key>PayloadIdentifier</key> <string>9D5EA197-E941-48CD-84BA-28373017A52C.com.apple.systemuiserver.2C31DE6A-E143-4800-ABD4-369EA4474521</string> <key>PayloadOrganization</key> <string>MegaCorp</string> <key>PayloadType</key> <string>com.apple.systemuiserver</string> <key>PayloadUUID</key> <string>2C31DE6A-E143-4800-ABD4-369EA4474521</string> <key>PayloadVersion</key> <integer>1</integer> <key>logout-eject</key> <dict> <key>harddisk-external</key> <array> <string>deny</string> <string>eject</string> </array> </dict> <key>mount-controls</key> <dict> <key>harddisk-external</key> <array> <string>deny</string> <string>eject</string> </array> </dict> <key>unmount-controls</key> <dict> <key>harddisk-external</key> <array> <string>deny</string> <string>eject</string> </array> </dict> </dict> </array> <key>PayloadDescription</key> <string>USB Management</string> <key>PayloadDisplayName</key> <string>USB Settings</string> <key>PayloadIdentifier</key> <string>9D5EA197-E941-48CD-84BA-28373017A52C</string> <key>PayloadOrganization</key> <string>MegaCorp</string> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>9D5EA197-E941-48CD-84BA-28373017A52C</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> ... View more

Custom package installation on macOS question

by jm_peterson in Mobile Device Management
‎04-08-2020 06:24 AM
‎04-08-2020 06:24 AM
Following https://documentation.meraki.com/SM/Apps_and_Software/Deploying_Scripts_in_Systems_Manager_using_Software_Installer I have a test package created that runs a simple script. The package is signed and notarized. From Systems Manager>Manage>Apps the devices I have tried to push this package to report "Not Installed" and on the Activity log for the machine, the status never progresses past UpdatingSoftware.  Is the SM agent looking for a specific exit code to report that the installation has finished? Looking through /var/log/install.log on several of the machines the installation finished without issue so I am not sure where the disconnect occurs.  ... View more
Labels:
  • Labels:
  • macOS

Re: Mac OS: new SM agent installs non-functional

by jm_peterson in Mobile Device Management
‎01-20-2020 01:45 PM
1 Kudo
‎01-20-2020 01:45 PM
1 Kudo
A mere 473 days later its good to know there is a resolution.  ... View more

Re: [Bug] : Unknow certificate pushed to iOS devices

by jm_peterson in Mobile Device Management
‎11-14-2019 07:14 AM
‎11-14-2019 07:14 AM
@davidson2020 I think the thread you are looking for might be https://community.meraki.com/t5/Endpoint-Management-Systems/Anyone-else-seeing-Unverified-Certificates/m-p/62026#M5509  Maybe that shouldn't effect is at play.  ... View more

Re: How does one actually remove an application?

by jm_peterson in Mobile Device Management
‎10-23-2019 02:38 PM
‎10-23-2019 02:38 PM
The easiest way would be to completely bypass Systems Manager and use a Software Management software that actually works like Munki. ... View more

Re: Anyone else seeing Unverified Certificates

by jm_peterson in Mobile Device Management
‎09-24-2019 01:57 PM
1 Kudo
‎09-24-2019 01:57 PM
1 Kudo
@Richard_W  This has definitely been seen by multiple admins across the community. I noticed it about a week back on a Catalina VM and figured since Catalina updates have yet to be pushed it was related to that. Then I saw this on roughly 800 machines.  What appears to have happened was Meraki either let the certificate lapse on the 16th or didn't plan ahead to ensure the update was pushed out in time. If you go back to m.meraki.com and reinstall the configuration profile it pulls a new verified profile signed by another Authority (image attached). From the case I have open with this the agent said it was up to Apple to trust the certificate they had updated and that it should be fine. In my opinion pushing a new cert that you are waiting on Apple to trust (what?!) into production on the premise it should be fine is unacceptable regardless of having planned it or for some reason waiting until it expired. The solution given is to ignore this on current machines, because it is a "cosmetic" issue, or push an update to each profile to every machine to update this which again should work. I can verify that new profiles pushed are verified and signed by the updated certificate, but this doesn't address the entire fleet of machines that didn't happen to start this week.  Ive said it elsewhere, but while I don't see this as having a huge impact or presenting an immediate issue it just seems par for the course for issues we have seen and it is endlessly frustrating. We place implicit trust in Meraki as an MDM provider and an assumed part of that would be Meraki staying on top of upcoming changes. Do mistakes happen? Yes. That could easily be addressed by clear communication ahead of possible breaks or changes that make it easier on all of us managing hundreds and thousands of machines that may be impacted.  Rant over but TLDR; it's happening because of that cert expiration, you get to push the changes to fix it.  ... View more

Re: 3rd Party System Preferences Blocked

by jm_peterson in Mobile Device Management
‎09-12-2019 08:21 AM
1 Kudo
‎09-12-2019 08:21 AM
1 Kudo
@L4d1k While I have an ever-growing list of things I wish Meraki could do, this feature was silently implemented. If you enable the System Preferences Payload at the bottom you can list the Third Party System Preference Panes you wish to enable. You can use http://apetronix.com/find-pane-id-for-system-preferences-app/ to get the pane-ID for the apps you need to whitelist.  ... View more

Re: API for Endpoint Management?

by jm_peterson in Mobile Device Management
‎08-07-2019 08:18 AM
‎08-07-2019 08:18 AM
@MichelRueger As it stands now the api is limited in that sense and you cannot manipulate custom profiles. It seems the functionality is limited to what you can edit if you clicked on a device(s) page in Systems Manager, or return data on all the clients on a SM network.  I have used it extensively for those tasks if you need any additional information.  ... View more

Re: Quarantine Mobile Devices via API

by jm_peterson in Mobile Device Management
‎07-26-2019 01:09 PM
2 Kudos
‎07-26-2019 01:09 PM
2 Kudos
@wperry1 I ran into the same issue. The two options I came up were 1. What you are doing by moving the device(s) to a new network. 2. Tie access to x,y,z to tags and then as apart of your termination script loop through the tags and delete all of them. Below is an example of that I used in python. This way all the access was removed but the device was still managed. You can play with the hostname variable too so that they show up something like `Termed-useraccount`. def get_all_tags (): url = "https://api.meraki.com/api/v0/networks/%s/sm/devices" % network_id querystring = { "serials": serial_number } payload = "" try: r = requests.request("GET", url, data=payload, headers=meraki_headers, params=querystring) r.raise_for_status() except requests.exceptions.HTTPError as err: print (err) sys.exit(1) machine_info = r.json() global users_machine_id, machine_tags users_machine_id = machine_info['devices'][0]['id'] machine_tags = machine_info['devices'][0]['tags'] def update_meraki_hostname (): print ("Attempting to update hostname in Meraki.") headers = { 'X-Cisco-Meraki-API-Key': meraki_api_key, 'Content-Type': "application/json", } data = {"serials":serial_number, "deviceFields": {"name":host_name} } requests.put('https://api.meraki.com/api/v0/networks/%s/sm/device/fields', headers=headers, data=data) % network_id def meraki_tag (action, ttype): url = "https://api.meraki.com/api/v0/networks/%s/sm/devices" % network_id args = { "updateAction":action, "tags": ttype, "serials":serial_number} payload = "" headers = { 'X-Cisco-Meraki-API-Key': meraki_api_key, 'Content-Type': "application/json", 'cache-control': "no-cache", } try: r = requests.request("PUT", url, data=payload, headers=headers, params=args) r.raise_for_status() except requests.exceptions.HTTPError as err: print (err) def meraki_tag_loop (): for t in machine_tags: meraki_tag ('delete', t) ... View more

Apply tags based on DEP settings?

by jm_peterson in Mobile Device Management
‎06-27-2019 07:29 AM
‎06-27-2019 07:29 AM
I haven't been able to figure this out but maybe someone else has.  Is it possible to have a certain tag "X-tag" apply to a machine when DEP settings "X-dep" are assigned? I have a default tag applied under Systems Manager > Configure > General, but this is for any machine added to the SM network.  My hope was to apply "X-tag" to "X-dep" and "Y-tag" to "Y-dep" to push specific configuration for each setting without having to manually tag a machine.  ... View more
Labels:
  • Labels:
  • DEP
  • macOS

Re: MacOS Deployment - Switching from DeployStudio

by jm_peterson in Mobile Device Management
‎05-10-2019 07:14 AM
‎05-10-2019 07:14 AM
@MelissaI would love to be apart of this as well. I tried to send you a PM but it appears that option is absent on your profile. ... View more

Re: Autoscoping tags based on OS version

by jm_peterson in Mobile Device Management
‎04-18-2019 10:07 AM
1 Kudo
‎04-18-2019 10:07 AM
1 Kudo
@vassallonUnfortunately that didnt work. I was looking for a way to automate this for Mojave so custom pppc/tcc/kernel extensions could be applied as users update. Since there is no solution I threw one together. Disclaimer, python is not my strong suit so there is probably a more efficient way to do this but this is working for me. You just need to replace YOURSMNETWORKID with your network_id, yourreallylongapikey with your api key, and the tag name with whatever you want the tag to be.  Hopefully this is of use to someone. ¯\_(ツ)_/¯ import requests import json meraki_url = 'https://api.meraki.com/api/v0/networks/YOURSMNETWORKID/sm/devices' aki_key = 'yourreallylongapikey' search_models = ['OS X 10.14', 'OS X 10.14.1', 'OS X 10.14.2', 'OS X 10.14.3', 'OS X 10.14.4', 'OS X 10.14.5'] meraki_payload = "" meraki_headers = { 'X-Cisco-Meraki-API-Key': aki_key, 'cache-control': "no-cache" } def tag_the_machines (serial_input): url = 'https://api.meraki.com/api/v0/networks/YOURSMNETWORKID/sm/devices/tags' args = { "updateAction": "add", "tags": "Mojave", "serials": serial_input } payload = "" headers = { 'X-Cisco-Meraki-API-Key': aki_key, 'Content-Type': "application/json", 'cache-control': "no-cache", } try: r = requests.request("PUT", url, data=payload, headers=headers, params=args) r.raise_for_status() print ("Tagged" + '' + serial_input) except requests.exceptions.HTTPError as err: print (err) def check_key(dict, key): if dict.has_key(key): global batch batch = dict[key] else: print ("Batch not key present") def get_all_machines (): url = meraki_url payload = meraki_payload headers = meraki_headers r = requests.request("GET", url, data=payload, headers=headers) global all_machines all_machines = r.json() check_key (all_machines, 'batchToken') create_mojave_dict() def send_batch_request (): url = meraki_url payload = meraki_payload querystring = { "batchToken": batch, } headers = meraki_headers r = requests.request("GET", url, data=payload, headers=headers, params=querystring) global all_batch_machines all_batch_machines = r.json () create_mojave_batch_dict() def create_mojave_dict (): serial_number = [] os_name = [] for m in all_machines["devices"]: serial_number.append(m["serialNumber"]) os_name.append(m["osName"]) machine_dict = dict(zip(serial_number, os_name)) global mojave_machines mojave_machines = [] for s in search_models: for k, v in machine_dict.items(): if v == s: mojave_machines.append(k) for m in mojave_machines: tag_the_machines(m) def create_mojave_batch_dict (): serial_number = [] os_name = [] for m in all_batch_machines["devices"]: serial_number.append(m["serialNumber"]) os_name.append(m["osName"]) machine_dict = dict(zip(serial_number, os_name)) global mojave_batch_machines mojave_batch_machines = [] for s in search_models: for k, v in machine_dict.items(): if v == s: mojave_batch_machines.append(k) for b in mojave_batch_machines: tag_the_machines(b) if __name__ == '__main__': get_all_machines() send_batch_request() ... View more

Re: Autoscoping tags based on OS version

by jm_peterson in Mobile Device Management
‎04-16-2019 11:31 AM
‎04-16-2019 11:31 AM
@vassallon It was definitely a good idea. But it appears the security policy cant scope worth a damn and returns this. ... View more

Autoscoping tags based on OS version

by jm_peterson in Mobile Device Management
‎04-09-2019 08:26 AM
1 Kudo
‎04-09-2019 08:26 AM
1 Kudo
Is it possible to scope a tag to devices on a specific os version? Such as 10.13.x get “Tag A” and 10.14.x get “Tag B” from Systems Manager? ... View more
Labels:
  • Labels:
  • macOS

Re: Privacy Preferences

by jm_peterson in Mobile Device Management
‎03-26-2019 02:20 PM
1 Kudo
‎03-26-2019 02:20 PM
1 Kudo
@sshortThanks for the response. That's the way I have been doing it and it works flawlessly. Granted I would like Meraki to have provided this since it was needed, several months ago, but this post is about them sliding in the ability to do so without any information about it. Using Jamf's tool works great, is intuitive, and has plenty of documentation. The "feature" we were given is confusing and has zero information about it. ... View more

Privacy Preferences

by jm_peterson in Mobile Device Management
‎03-26-2019 02:01 PM
‎03-26-2019 02:01 PM
I know the answer is no before I ask it, but has anyone found documentation from Meraki on the ever so late to the game addition of PPPC control in SM? I saw this option slide in under the radar and cant find any information on it. It would be nice to not have to create dozens of different PPPC profiles and wish upon a star scoping works, but as per usual the lack of documentation has me apprehensive to either move forward with this or trust it will work. ... View more
Labels:
  • Labels:
  • macOS
  • Other

Re: Deploy MDM Profile & Agent in One Package

by jm_peterson in Mobile Device Management
‎02-25-2019 11:02 AM
‎02-25-2019 11:02 AM
Was there ever more information posted on this? ... View more

Re: Mac OS: new SM agent installs non-functional

by jm_peterson in Mobile Device Management
‎12-03-2018 08:47 AM
‎12-03-2018 08:47 AM
@Kevin_C Any other suggestions?  ... View more

Re: Mac OS: new SM agent installs non-functional

by jm_peterson in Mobile Device Management
‎11-26-2018 01:34 PM
‎11-26-2018 01:34 PM
@Kevin_C Thanks for the info. Unfortunately I have tried that approach both en masse (pushing the update to all users) and selecting users one by one and nothing updates.  ... View more

Re: Mac OS: new SM agent installs non-functional

by jm_peterson in Mobile Device Management
‎11-26-2018 12:51 PM
‎11-26-2018 12:51 PM
@Newt Maybe you will have better luck with this approach. I followed https://documentation.meraki.com/SM/Device_Enrollment/Systems_Manager_Agent_and_MDM_Profile_Enrollment#Auto-installing_the_macOS_Agent  The silent update feature has worked on 9 machines out of roughly 800. And some of those may have been removed from the network and re-added so I cannot confirm if this worked for any of them.  The documentation says this should work, and while I doubt its something in my configuration and not just SM not working correctly, you may have better results.  ... View more

Re: Mac OS: new SM agent installs non-functional

by jm_peterson in Mobile Device Management
‎11-20-2018 10:05 AM
‎11-20-2018 10:05 AM
@Kevin_C  I also have the Agent pushed to roughly 800 machines and it has silently updated a total of 9 since the update. Anything we need to do for this to work? ... View more

Re: 3rd Party System Preferences Blocked

by jm_peterson in Mobile Device Management
‎09-13-2018 08:05 AM
‎09-13-2018 08:05 AM
 @jcapitan I ended up creating mobileconfig files for different roles, and removing system preference management from the profile. So I apply the other settings I need for each role and then adjust the settings in following mobileconfig for each role. <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadIdentifier</key> <string>com.yourorg.prefpanes</string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>72F73F53-A5E6-48CE-AB73-27641F526EF7</string> <key>PayloadOrganization</key> <string>YOURCOMPANYNAME</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadDisplayName</key> <string>Preference Panes</string> <key>PayloadContent</key> <array> <dict> <key>PayloadType</key> <string>com.apple.systempreferences</string> <key>PayloadVersion</key> <integer>1</integer> <key>PayloadIdentifier</key> <string>com.yourorg.profile.prefpanes</string> <key>PayloadEnabled</key> <true/> <key>PayloadUUID</key> <string>d264dfc2-2b01-f0d0-24e2-9c98d6f3239b</string> <key>PayloadDisplayName</key> <string>Preference Panes</string> <key>EnabledPreferencePanes</key> <array> <string>com.apple.preferences.Bluetooth</string> <string>com.apple.preference.datetime</string> <string>com.apple.preference.desktopscreeneffect</string> <string>com.apple.preference.digihub.discs</string> <string>com.apple.preference.displays</string> <string>com.apple.preference.dock</string> <string>com.apple.preference.expose</string> <string>com.apple.preferences.extensions</string> <string>com.apple.preference.general</string> <string>com.apple.preference.ink</string> <string>com.apple.preference.keyboard</string> <string>com.apple.Localization</string> <string>com.apple.preference.mouse</string> <string>com.apple.preference.network</string> <string>com.apple.preference.notifications</string> <string>com.apple.preferences.parentalcontrols</string> <string>com.apple.preferences.password</string> <string>com.apple.preference.printfax</string> <string>com.apple.preference.sound</string> <string>com.apple.preference.speech</string> <string>com.apple.preference.spotlight</string> <string>com.apple.preference.trackpad</string> <string>com.apple.preference.universalaccess</string> <string>com.apple.preferences.appstore</string> <string>com.apple.prefs.backup</string> <string>com.apple.preference.energysaver</string> <string>com.apple.preference.security</string> <string>com.apple.preferences.sharing</string> <string>com.apple.preferences.softwareupdate</string> <string>com.apple.preference.startupdisk</string> <string>com.apple.preferences.internetaccounts</string> <string>com.apple.preferences.wallet</string> <string>com.apple.prefpanel.fibrechannel</string> <string>com.apple.Xsan</string> <string>com.gnnet.Jabra</string> </array> <key>DisabledPreferencePanes</key> <array> <string>com.apple.preferences.internetaccounts</string> <string>com.apple.preferences.configurationprofiles</string> <string>com.apple.preferences.icloud</string> <string>com.adobe.flashplayerpreferences</string> <string>com.oracle.java.JavaControlPanel</string> </array> </dict> </array> </dict> </plist>  The following article is helpful for getting the preference pane id for third party applications. http://apetronix.com/find-pane-id-for-system-preferences-app/  ... View more

Re: 3rd Party System Preferences Blocked

by jm_peterson in Mobile Device Management
‎08-14-2018 03:00 PM
‎08-14-2018 03:00 PM
My apologies for not clarifying. MacOS. ... View more

3rd Party System Preferences Blocked

by jm_peterson in Mobile Device Management
‎08-14-2018 07:16 AM
‎08-14-2018 07:16 AM
Im trying to find away around all of our 3rd party extensions being blocked in System Preferences. It seems that no matter the configuration we choose, if we manipulate anything within System Preferences for a profile then any 3rd party item (Flash, mySql, Jabra, Java etc) are greyed out. These can all be used in other ways but the convenience of starting the programs from there is being voiced by our end users. Maybe there is something simple I am missing with this, but any help would be appreciated!  ... View more
Labels:
  • Labels:
  • DEP
Kudos from
User Count
PhilipDAth
Kind of a big deal PhilipDAth
3
Richard_W
Richard_W
1
alexis_cazalaa
alexis_cazalaa
1
Noah_Salzman
Meraki Alumni (Retired) Noah_Salzman
1
wperry1
wperry1
1
View All
Kudos given to
User Count
Baustinceltic
Baustinceltic
1
Levi_
Levi_
1
aws_architect
aws_architect
3
Richard_W
Richard_W
4
Noah_Salzman
Meraki Alumni (Retired) Noah_Salzman
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Quarantine Mobile Devices via API

Mobile Device Management
2 1949

Re: Anyone else seeing Unverified Certificates

Mobile Device Management
1 9674

Re: Mac OS: new SM agent installs non-functional

Mobile Device Management
1 16306

Re: Anyone else seeing Unverified Certificates

Mobile Device Management
1 14005

Re: 3rd Party System Preferences Blocked

Mobile Device Management
1 4689
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki