Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About rguthrie
Community Record
26
Posts
4
Kudos
2
Solutions
Badges
03-14-2019
01:46 PM
Hi sshort~ that's part of the problem we've encountered. It's NOT creating a new record when deleting from the "device" list. At this time, if I read Richard_W's comment correctly, even after 24 hours the old info sticks.
... View more
03-14-2019
11:24 AM
Honestly, it was trial and error. And in truth, the actual wait time could be somewhere between 4 hrs and 24 hrs. There seems to be a lag between DEP and Cisco, and in previous troubleshooting that involved DEP we have found that it was prudent to wait several hours... and we settled on a full 24 as a matter of course.
... View more
01-09-2019
01:26 PM
You're welcome Mykl (sorry for late response I wasn't very active in the forums last quarter of 2018 due to some projects. How did the test with the DEP Macbook Pro go? Also~ note that the link you list in the 10-11 11:53 post is not leading to an article.
... View more
07-26-2018
10:22 AM
AWESOME!!!!
... View more
07-26-2018
10:19 AM
Hi Phil~ I definitely feel your pain on this one! The KEXT issues that have come with the added security of 10.13.4 do have a viable workaround (albeit a manual one): create .mobileconfig payloads that are delivered as profiles to the macbooks. You could have individual ones or keep a master list. Short Version: 1. Create a apple profile / .mobileconfig file that allows the application 2. In Meraki Go to System Manager > MDM Settings > Add Profile > Upload custom Apple profile For details on step 1 and some excellent info from user sshort, go to this thread: https://community.meraki.com/t5/Endpoint-Management-Systems/whitelisting-kernel-extensions-via-team-id-s/m-p/21446#M2437 edit: I see that you ran into that thread. I do agree that this shouldn't have to be a "thing". It's taking a bit of time for developers to catch up to these added securities at the kernel level. I will kudos your post for sure.
... View more
07-20-2018
10:45 AM
hey Adam, Despite saying that I would not "be registering it via the below Settings > Accounts > Access work or school instructions" again, I did. I also re-installed the agent. Then removed all tags and owner from the device on Meraki Deshabord and ensured no policies were being enforced. THEN, I deleted the agent on the Win10 system, and unsync'd it from the "Access work or School" setting. LASTLY, I deleted it from the Meraki Dashboard.... Waited several hours and re-added that same machine with success (following the official Meraki steps which include the Settings > Accounts > Access work instructions...). So yes this main issue on this thread was addressed since the Win10 client now checks in properly without the red banner. BUT the looping issue continues, and I'm working on that one here https://community.meraki.com/t5/Endpoint-Management-Systems/password-policy-in-Windows-10/m-p/4159
... View more
07-20-2018
10:31 AM
Hey Phil! We've crossed each other in the IT nether!!! I was just on a demo with a couple of the CrowdStrike folks just yesterday afternoon 🙂 Their product is nothing short of amazing. But truthfully, although it was SUUUPER cool and the insight it offered was mind-blowing, it was also overkill for what we need... I think we're still going to trial it in the interest of being thorough (And because I'm dying to play with their features). Please do follow up and let me know what you decide at the end. We're still on the Sophos trial ourselves. And considering ESET next. Feels like I've been researching and testing this stuff for ages 😐
... View more
07-06-2018
08:38 AM
Hello All, Well~ our Trial has come and gone. Although I liked the dashboard interface and their support was responsive when we needed them, Trend Micro's Worry Free Business Security Services is not the ideal solution for a mac shop. We were unable to remote install TMWF without end-user interaction, and the uninstall from dashboard does not work. Systems with macOS require a manual uninstall (found in the tools section). Most concerning was the fact that we were unable to create directory exclusions with wildcards. Most of our users use some kind of mounted cloud directory file share, the scan would attempt to include the entire directory... and due to the lack of wildcard usage, we were unable to use the targeted scan options to only include certain directories (which would require a wildcard in lieu of each username). Most of their documentation and advanced scripting/support is geared for Windows environments. Overall, it was very limited functionality. We know this is not TrendMicro's only offering, so we will be reaching out to sales and consulting on whether they offer something different for our needs. We are also trying out Sophos (which so far seems more robust for macs although it has the same limitation for user interaction for install). I'll gladly return and post what I find.
... View more
07-06-2018
07:38 AM
Bonjour @cmiarshvac I actually dealt with Meraki support yesterday over this issue. They had me run this command at a DOS prompt (it's the command that the agent used to check complaince) WMIC /Namespace:\\root\SecurityCenter2 Path AntiSpywareProduct Get * /Format:List That should listdisplayName=Windows Defender and productState=397568 (product state might vary... would have to confirm with Meraki) If it doesn't list Windows Defender open a ticket with them... but if it does like mine did, they had me turn off the Defender on the system in question and turn it back on. What I did was disable all part of defender, waited a few minutes and rebooted. The reboot turns the Real Time Protection back on by default, and I manually turned on the other components. My system showed up secure and compliant within an hour!!
... View more
07-05-2018
09:41 AM
Hello Community~ I hope everyone had an awesome and safe Independence Day. Here are the steps I took to continue the testing: On the Windows Client click start > type connect to work > click on the best match result > Clicked on Enroll only in Device Management > Entered in my work email > the server info > my network ID Windows device successfully connected. Confirmed client appeared in Dashboard. Removed any auto-tags that attached. note: No live tools appear, but that is expected. Logged out and back in. Password remained intact. Downloaded the agent onto the Windows Client and installed it. Waited 15 mins. Checked client in the dashboard and the Live Tools appear. Tested notifications, screenshot and remote desktop successfully. Sent a reboot command to the Windows Client using Power Control successfully. Logged in without password change prompt on both accounts on that client. Waited 1 hour and tested the passwords again via logoff/logon and also a reboot and they remained intact. Now I have a baseline. The client is checking in, reporting activity, and not prompting for password changes. We know per Tech Support that adding a profile with a password payload will trigger the issue. I will refrain from adding any profile payload at all. Next Phase of Testing: Add tags to the Windows Client, Create a Windows Custom App and attach those tags, and prior to pushing that app, ensure that this does not cause the password loop issue. I will report again. out-of-scope research: Confirm why this system fails the policy audit due to "FW not installed, FW not enabled, AV not running" even though Windows Defender and Windows Firewall are both enabled / running / updated.
... View more
07-05-2018
09:16 AM
Greetings~ was any resolution found for this issue? Currently, I have a baseline Windows 10 Client that does not have any 3rd party AV. Windows Defender and Windows Firewall are both enabled / running / updated.... but it is also failing due to "FW not installed, FW not enabled, AV not running".
... View more
07-03-2018
02:08 PM
Hello Everyone, The first time I ran into this issue was Feb 2017. The case back then was closed without resolution. This week, we decided to test adding a couple of Windows 10 Pro systems to our MDM once again, but ran into the same password prompt issue. Today, I opened another case on it, and this was the official response: Thank you for contacting Cisco Meraki Technical Support! At the moment, we are currently experiencing issues with Windows devices receiving the password payload, where it causes the behaviour you are describing. Our developers are currently working on a fix for this issue. Unfortunately Support does not have an estimated timeframe for this, but I will provide an update for you as soon as I hear any. I apologize for this inconvenience this will cause for your network and devices. In terms of a workaround, are you able to remove the passcode payload from the test profile to make sure the devices are not constantly resetting, and become functional? I did, in fact, remove the passcode portion from the profile, and it seemed to fix the problem for a little while, but then it started happening again... so I deleted the settings profile for our windows machines completely and this fixed the problem until I attempted to push an application to the Windows client. As soon as I added a custom app with tags matching the windows clients (ThinkPad, Test) the password looping issue returned. This was prior to even attempting to push the application. I'm continuing to test... my next steps will be as follows: 1. uninstall the agent from the windows client 2. disconnect client from the windows "connect to work / school" 3. remove all tags from the device in the dashboard 4. remove owner from the device on the dashboard 5. delete the custom windows app from the App dashboard 6. delete the windows client from the network 7. wait 24 hours (this is important I've found in the past) 8. re-add the windows client starting with the "Connect to Work and School" step I will report back later this week with my findings @RealBoringAdmin
... View more
07-03-2018
08:51 AM
Just replying to myself here... it looks like it took a little patience. Waiting a couple of hours wasn't enough. This morning, the Live Tools appeared on the dashboard for that system.
... View more
07-02-2018
12:42 PM
Hello community! As described int he subject.... I've added a Windows 10 pro client to our network and it checks in and provides basic data; however, the Live Tools section is missing completely. Steps taken to register device: 1. Installed SM agent via .msi package I provided via google drive. This installed, but it did not appear in our Device List. 2. Attempted to register via the m.meraki.com page and entering in our network ID/authenticating. Nothing happened there either. It just sat in "registering device" loop and offered a button to download the agent. Downloaded the agent from that link and set it aside. 3. Followed the "Windows Profile" instructions for Windows 10 and registered via the Access Work or school / Enroll in Device Management only. The machine appeared in our Client List, but there is no Live Tools section. 4. Ran the agent again... windows prompted that it was already installed and if we wanted to repair. We selected repair and it ran successfully. System still does not reflect Live Tools in the Device Dashboard. Any thoughts on this? Did I miss an install or setting perhaps?
... View more
Labels:
- Labels:
-
Enrollment
07-02-2018
12:15 PM
1 Kudo
Thanks Adam~ I'll take a look at those links and give the install a shot.
... View more
06-27-2018
01:33 PM
Hello Community ~ I have a lenovo laptop with windows 10 which previously had Meraki Agent installed and subsequently uninstalled. This week, I re-installed the agent for some testing and troubleshooting and although the system is online and I can interact with it from the meraki dashboard, the top banner reflects: Management profile has been removed from device! It has been over 24 hours and it still reflects that banner. Does that go away? Please note that I have not -and will not- be registering it via the below Settings > Accounts > Access work or school instructions due to a looping password at log-in error we've experienced. The only step I take with the few Windows systems we have in our network is to install the agent. Any insight would be helpful. Thanks!
... View more
Labels:
- Labels:
-
Enrollment
-
Other
06-18-2018
10:31 AM
ok~ I did some testing and I had success removing / re-adding a macbook pro with a clean slate on the dashboard. Here are the steps I took to "cleanly" disconnect my test macbook pro and re-added it so it appeared brand new. Steps Taken Removed all tags from the dashboard (which resulted in 2 profiles being removed from the client) From the macbook go to System Preferences > Profiles > Removed meraki profile (was password prompted since we have it password protected in our network) Used the uninstaller to remove the agent from the macbook Cleared Owner from the dashboard. All autotags except for Mac Device disappeared and here is what I was l was left with Removed the client from the network via the dashboard > select client > delete > remove from network Note: This macbook is not part of our Device Enrollment Program. I have not tested with a DEP system; however, if yours is part of the DEP, I recommend waiting 24 hours before the reinstall and setup steps 6 & 7 (with DEP steps 8 & 9 below are moot) and don't forget to assign settings in the ADEP dashboard screen. Rebooted the macbook in internet recovery mode (option-command-r). Used disk utility to wipe the HDD and then selected new High Sierra install. Once wipe/reinstall is complete, initiated the MacBook through the setup including enabling location services and connecting to WiFi. Waited 48 hours before attempting to re-enroll (as an added precaution and because it was Friday afternoon) Opened Safari > URL m.meraki.com > entered our Network ID > authenticated > accepted the profile install At this point, I checked the daskboard, and the device appeared brand new. No previous installation information or preferred SSID's appeared. 🙂
... View more
06-14-2018
10:26 AM
Aaah! gotcha. We have very few win machines. The macOS versions vary.... our devs work on 10.12.1 - 10.13.4 (I know, this makes it a little harder to narrow down). I thought at first it was related to the test machine having 10.13.4 with the new KEXT enforcement, but we've eliminated that as the culprit. I'm about to wipe a system and use it as a test bed. I'll gladly update the thread down the road with a summary of findings, etc.
... View more
06-13-2018
11:58 AM
Thanks so much all!! Off topic: what caused the jamf to meraki move @Dagan ? I'm happy with Meraki meself, but recently the question of "have we looked into jamf" came up and any insight would be awesome. thanks!
... View more
06-13-2018
10:23 AM
I'm on my 3rd day of the Trend Micro Worry Free trial. So far so good with our test system; however, we had to manually install it. I was not able to push it out via the Meraki Applications push. Furthermore, the link provided in the email to install it would not work in MacOS Chrome. We had to do it from Safari (weird I thought). @Stoffe did you run into anything similar? How did you push this to your users?
... View more
06-13-2018
10:19 AM
Hi sshort, I'm still fairly new to this remote-management world, and despite using Meraki for a year, I'm certain I'm scratching the surface here with what I can accomplish with it.... Anywho~ let me see if I understand your solution correctly: From your post above, it seems like all I would need to do is create a .mobileconfig profile via the macOS Server app and then push it out to the users via System Manager > MDM Settings > Add Profile > Upload custom Apple profile Is that correct? Then moving forward, I just need to create a new profile each time we have a program/app that runs into the System Extension Blocked error when we attempt to install.
... View more
06-05-2018
08:34 AM
3 Kudos
Howdy! I've actually been looking for an antivirus solution as well (but in our case, it's nearly 100% mac users). I tried AVG's and found that it "does not play well" with Meraki. Despite hours of troubleshooting, we (both AVG support and Meraki internal support) were unable to get AVG's antivirus service to work allow Meraki traffic on macbooks properly. The short version: A macbook that already has the SM installed receives the pushed app AVG from Meraki. It will check-in and work as expected until a reboot. Once it reboots, the AVG service super imposes itself and does not allow the Meraki MDM traffic through (and there was no way to whitelist on the macOS version of the AVG app). So, I do not recommend AVG. Someone mentioned Sophos to me, but while looking at their website, it looks like they are a whole MDM solution itself (which includes endpoint protection). I'll report back if I find anything useful during the trial to address just the endpoint protection part.
... View more
04-30-2018
12:19 PM
hey y'all~ I know I'm a hair late to this party, but I wanted to comment here. This should not be expected behavior. Once removed, my reasonable expectation is that it is removed. It should purge that info. It's a nightmare with my test machine which gets re-imaged and re-added often. And not always do I get that update in 10-60 mins as sshort mentioned. And even if it does, it will pick up the new owner, but it will list a ton of apps on it that aren't really on there. 😐 As you mention here MRCUR, next test go 'round I will try removing all the tags first and even go as far as uninstalling the agent on the test system, reset to factory settings and re-enroll it.
... View more
04-09-2018
08:49 AM
Thanks jared_f. This gets us partway there 🙂
... View more
04-08-2018
04:54 PM
Thank you for this amazing response sshort. I recently learned about secureToken and I was hoping that I had missed something in Meraki about making those admin accounts.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 5564 | 07-06-2018 07:38 AM | |
| 1890 | 07-03-2018 08:51 AM |
My Top Kudoed Posts
