- About Duke_Nukem
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Duke_Nukem
Here to help
Member since Sep 21, 2017
yesterday
Community Record
16
Posts
4
Kudos
0
Solutions
Badges
2 weeks ago
Thanks! And thanks to @PhilipDAth for the excellent script/webpage that makes it! I was able to use our deployment software to push it to a few test machines as the System account. That worked. Other questions, and sorry for my ignorance on some of these questions. Been down so many search rabbit holes... I'm trying to get Cisco Meraki support to change the Client VPN settings (AES128 and Group 14). Just on our DR site's MX, for testing. When they make the change, will my current VPN client on Windows 10 (created with the CMAK) still connect, but just at a lower encryption? In order to use the PCI compliant encryption, I would need to redeploy our VPN client, like the one I created using PhilipDAth's script? Or can I somehow script the change in just the Cryptographic suite being used for the current VPN connection? Lastly, do I need to have Cisco Meraki support turn off the lower encryption (3DES?) that is being used for the VPN client currently, to pass the PCI scans? Sorry for all the questions. Just trying to get a handle on this, and trying not to have this blow up in my face. Thanks!
... View more
3 weeks ago
I can't get the VPN connection to install under the logged on user when running the script as an admin. It only shows up under the admin's account. How are you running it as System? Using a deployment software, like PDQ Deploy? Thanks,
... View more
05-08-2020
05:19 AM
1 Kudo
I'm not talking just beta. My fear is they will roll this out to only those models. Can a Cisco Meraki employee confirm?
... View more
05-07-2020
04:20 AM
2 Kudos
I contacted my VAR to see if he's heard anything from his rep at Cisco. They told him that it will only be available to the MX250/450 and MX67/68. He also they said it would go Public Beta Q1 FY21 (August of this year). This can't be limited to just those models. That's crazy. Say it ain't so.
... View more
12-11-2019
12:23 PM
Been doing some testing and am running into various walls. 1. It looks like you have to be a Local Admin on the machine to do the enrollment of the Profile for Domain-joined PCs. 2. This command at least calls the enrollment process, but it doesn't enter the Network ID. It still prompts for that. Tried all the other parameters for that command too. No dice. AND you still need to be a local admin. ms-device-enrollment:?mode=mdm&username=email@domain.com&servername=n123.meraki.com&tenantidentifier=123-456-7890 If only the Agent had the functionality to install the Windows Profile.
... View more
12-10-2019
08:14 AM
There is an Intune process using GP, but that can't be used for this. https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy There has to be a way to automate this.
... View more
12-10-2019
07:05 AM
Of the SM Profile? Not the Agent. We already push the Agent via GPO.
... View more
12-10-2019
05:35 AM
Greetings, We're contemplating making the move from Legacy SM to Licensed SM. Some of the Sentry improvements look interesting/useful. Any regrets from others out there that have made the move? Also, we have about 800 devices in SM currently. A mix of Windows 10, Windows Servers, iPhones, and iPads. All of our Windows 10 devices have the Agent installed. Is there an automated way to get the SM Profile installed on them? Doing it manually on each machine would take forever. And sending an enrollment link email to the masses will get mixed results. Group Policy? PowerShell? Thanks.
... View more
Labels:
11-20-2019
06:10 AM
That's great, but do a search for a tool called Iodine. Port 53 needs to be blocked. The tech I had on the call showed me the tool and how it can be used in this scenario. Eye opening...
... View more
11-04-2019
10:29 AM
Opened a ticket with Meraki last week. Confirmed with them via packet captures that a client on the Guest wifi could talk to servers on the internal LAN. Was able to telnet via port 53 to our DNS/AD servers. Definitely a bug in their setup. Temporary fix was to add the explicit "deny any 192.168.0.0/16 any" to all of our WiFi networks that use Meraki NAT mode (Guest, mobile phones, scanners).
... View more
10-28-2019
05:07 PM
1 Kudo
Back from the dead again... We recently had a Network Security Assessment done and the assessor informed us of the ability to see the internal/private LAN when on the Guest wifi network using nmap. My settings are the same as the original poster - Deny any to the Local LAN. AND the Captive Portal strength is set to Block all access until sign-on is complete. They could see all machines on the local LAN and discover open ports/services. This isn't the behavior I thought we had in place. Not good. Not happy.
... View more
06-28-2018
09:51 AM
The increased traffic ceased yesterday at 4 PM EDT and hasn't returned.
... View more
06-28-2018
07:48 AM
We have seen a delay in setting up iPhones in the past week. Maybe your issue and my issue are related. https://community.meraki.com/t5/Endpoint-Management-Systems/Meraki-HTTPS-traffic-to-SM-clients-increased-dramatically/m-p/22500#M2523
... View more
06-28-2018
05:23 AM
We're using the legacy version of SM for around 375 Windows clients. Around 6/19 the amount of traffic being downloaded by the SM endpoints increased dramatically. In the past 9 days they have downloaded over 400 GB of data at just one of our locations. Going to open a ticket, but wondering if others are seeing the same? Thanks,
... View more
Labels:
10-26-2017
11:29 AM
When we transitioned over to Windows 10 we ran into an issue with Win10 machines not connecting to the hidden SSIDs. They just wouldn't do it. We had to broadcast the SSIDs for them to connect. This was with a IAS setup on 2003 and then NPS on 2012 R2. We're not on 2016 yet, so I can't help ya there. Some other things to check: - I assume you're using a group in AD, and putting machines into that? Make sure your machine builder is adding them into that group. - Certificates - in your Network Policy on NPS, Constraints tab, Authentication Methods, PEAP - edit. Make sure your certificate is valid and not expired.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 17550 | |
| 1 | 17405 | |
| 1 | 3593 |
