Thursday, July 20, 2017

How to create a Webclip using Cisco System Manager for Meraki

Meraki SM Dashboard
View my video for Making a webclip using Cisco System Manager for Meraki

Making a webclip is even easier than adding an app, though there is no way to have the webclip modified in the home screen layout.  If you haven't read my last post on how to install an iOS app using the Meraki SM, I definitely suggest you check it out before moving on in this post.

Now we're going to add that app to our tagged iOS devices.  The iPad had been tagged with CSPublic.  To do that we are going to first edit the "Profile and Settings".

This can be found under System Manager -> Settings, and for this we are going to pick CSPublic because we named the profile the same as the tag.  The tag and the profile name can be independent of each other.




So for making a webclip

  • Label will be the name of the app
  • URL is the site/page you're going to
  • The icon needs to be 144px by 144px if you intend on using a custom icon
  • Removable -> User can remove webclip
  • Full Screen (is it full screen)
  • Precomposed -> Icon will be displayed with no added effects

The settings I used for the webclips I made were Full Screen and Precomposed.  I also added a custom logo.
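
The dashboard fields above line up with the keys of Apple's Web Clip configuration payload, so the following added example (not code from this post or from Meraki) builds that payload and refuses an icon that is not 144px by 144px before anything is pushed. The payload identifier, the example.org URL and the https-only rule are assumptions made for the illustration.

```python
import plistlib
import struct
import uuid
import zlib
from urllib.parse import urlparse

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_size(data):
    """Return (width, height) read from a PNG's IHDR chunk."""
    if data[:8] != PNG_SIG or data[12:16] != b"IHDR":
        raise ValueError("icon is not a PNG")
    return struct.unpack(">II", data[16:24])

def make_webclip_payload(label, url, icon=None, removable=False,
                         full_screen=True, precomposed=True):
    """Build a Web Clip payload dict from the dashboard-style settings."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.netloc:  # policy choice of this example
        raise ValueError("web clip URL must be an absolute https:// URL")
    payload = {
        "PayloadType": "com.apple.webClip.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": "ca.orgdomain.example.webclip",  # hypothetical
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "Label": label, "URL": url, "IsRemovable": removable,
        "FullScreen": full_screen, "Precomposed": precomposed,
    }
    if icon is not None:
        if png_size(icon) != (144, 144):
            raise ValueError("custom icon must be 144px by 144px")
        payload["Icon"] = icon  # bytes become a <data> element in the plist
    return payload

def to_plist(payload):
    """Serialise the payload as XML plist bytes."""
    return plistlib.dumps(payload)

def blank_png(width, height):
    """Constructed sample input: a solid black greyscale PNG."""
    def chunk(kind, body):
        crc = zlib.crc32(kind + body)
        return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = (b"\x00" + b"\x00" * width) * height  # filter byte + pixels per row
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b""))

if __name__ == "__main__":
    clip = make_webclip_payload("Tumblebooks", "https://example.org/tumblebooks",
                                icon=blank_png(144, 144))
    print(to_plist(clip).decode())
```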

You can see below the third app is actually a webclip called Tumblebooks.

iPad with Webclip

How to add an iOS app using Cisco Meraki MDM

Meraki SM Dashboard
You can view my video for Adding an iOS app using Meraki SM

We last left off having purchased Mozilla Firefox from the Apple VPP store; now we're going to add that app to our tagged iOS devices.  The iPad had been tagged with CSPublic.  To do that we are going to first edit the "Profile and Settings".

This can be found under System Manager -> Settings, and for this we are going to pick CSPublic because we named the profile the same as the tag.  The tag and the profile name can be independent of each other.


MDM Edit Profiles and Settings

Because our profile is set up for whitelisting apps, we need to add the app in 3 different sections.

1.  Under Restrictions -> iOS show/hide apps (supervised)
Show/hide Apps

Home Screen Layout

3.  Tag the app in what profiles it is allowed to be deployed to

Systems Manager -> Apps

Firefox iOS App

Here we would add our tag CSPublic to the Scope, make sure that VPP Device assignment is set, and check that all applicable options for all other management are set up.  Once done, when the iPad syncs its configuration it will install the app and put it where you put it on the home screen; in this case we put it on the iPad dock as shown below.

iPad with Firefox Deployed

Monday, July 10, 2017

How to Set Up Meraki MDM for iOS Management

Setting up iOS using Cisco Meraki MDM
View my video for Setting up Apple VPP for use with Cisco System Manager for Meraki

Finding a good way to manage iOS devices so they are secured and continue to receive updates is a major pain.  Cisco Meraki SM helps to alleviate much of that pain.  My organization just got six brand spanking new Meraki APs and they have been working magnificently.  Management and monitoring of our wifi networks has never been easier.  The next beast we needed to tackle was an issue with some iPads our organization was using for training and other uses.  We originally went with Apple Configurator 2 because of the low cost for the management, and it seemed to work OK, not great but OK, and we had access to some free YouTube training and documentation for the use of Apple Configurator 2.  However, Apple Configurator seemed to be inadequate as the number of apps we used got larger, iOS got bigger, and the iPads got older; it took longer and longer to do updates and secure the devices properly.  The last update to 6 iPads connected to a MacPro Laptop had taken 2 days and was still working on doing updates, so we had to do something, otherwise this was going to be unusable as it was taking too much staff time to manage these devices.


Since we had these new Meraki WiFi APs, and I had read and seen in the settings that it was supposed to work pretty well for managing iOS, I did some more digging and signed up for an SM trial.  I did some more digging as to what was required and got in touch with Apple about their VPP (Volume Purchasing Plan) and DEP (Device Enrollment Program).  There are a couple of things you need to keep in mind when you're setting this up.

VPP cannot be an account that is already in use with the iTunes store or iCloud.  Any purchases under those accounts will have to be re-purchased.  To be authorized by the DEP program you must buy your iOS devices directly from Apple, otherwise they are ineligible to be used with the DEP, but they will still work with the VPP and can still be managed through the SM console.  The iPads we had were all in use with iTunes and iCloud accounts; some were supervised, some were not.  To use the iPads with the Meraki MDM I had to reset all the iPads and set them up as supervised under the account we are going to use for the VPP.


Setting up Apple MDM

When you first get going on the MDM, you need to set up an Apple MDM push certificate under the address we're going to use for the VPP account (https://appleid.apple.com/).  For the purposes of this blog post let's call it merakivpp@orgdomain.ca.  Apple will make you use 2 Factor SMS authentication with this account.

Once done, you download the MDM_Meraki Inc_Certificate.pem and upload it to the Apple Push Certificate Portal, then download the token certificate and upload it to the Meraki MDM.


Apple Push Certificate for VPP/DEP


APPLE MDM Meraki




Once that is all set up and configured we will add our iPads to our MDM.  To do that we have to make the iPad supervised with Apple Configurator 2.  With Apple Configurator 2, all you have to do is set the device to supervised and decide if you want it to sync with other computers.  For this I set it to disallow the syncing with other systems.  You can add the iPad via profile setting in the Apple Configurator 2 or by going to a link on your network provided by the Meraki MDM page.


Once done, you will see your clients in the dashboard.  To differentiate the clients, add tags; in this case I have iPad1, iPad2, iPad3.



Once the iPads are assigned to get apps you have to buy them from the VPP.  If you're not logged in, sign into the Apple VPP https://vpp.itunes.apple.com/store?cc=CA&l=en



Once that is set up, purchase your apps.  You will get an email with any receipts and you will also get notified when you can start using your VPP purchase; this usually takes about 1 to 3 minutes.

Then you assign the apps via tags.  As you can see below, iPad 1 gets Excel, iPad 2 gets OneNote, iPad 3 gets PowerPoint and iPad 1 and iPad 3 both get Word.  Unless the device has the tag where the app is assigned, it will not get that app.  I am using the scope with Any as I don't have a large number of restrictions that are required.




***IMPORTANT***

There are a few scopes for restricting apps:

  • With Any (will assign to devices with a minimum of one of the tags)
  • With All (must have all the tags)
  • All Devices
  • Without Any (without the tag)
  • Without All (without all the tags)
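
To make the five scopes concrete, the following added example (not code from this post or from Meraki) evaluates each scope against a device's tags and replays the Excel/OneNote/PowerPoint/Word assignment described above. The mode names and the untagged "New iPad" are constructed for the illustration, and "without all" is assumed to mean the device is missing at least one of the listed tags.

```python
MODES = ("with_any", "with_all", "all_devices", "without_any", "without_all")

def in_scope(device_tags, mode, scope_tags=()):
    """Return True if a device carrying device_tags falls inside the scope."""
    if mode not in MODES:
        raise ValueError(f"unknown scope mode: {mode!r}")
    if mode == "all_devices":
        return True
    device_tags, scope_tags = set(device_tags), set(scope_tags)
    if not scope_tags:
        raise ValueError("tag-based scopes need at least one tag")
    has_any = bool(device_tags & scope_tags)   # at least one scope tag present
    has_all = scope_tags <= device_tags        # every scope tag present
    return {"with_any": has_any, "with_all": has_all,
            "without_any": not has_any, "without_all": not has_all}[mode]

def plan(devices, apps):
    """Map each device name to the sorted list of apps its tags put in scope."""
    return {name: sorted(app for app, (mode, tags) in apps.items()
                         if in_scope(dev_tags, mode, tags))
            for name, dev_tags in devices.items()}

# Constructed sample data mirroring the post; "New iPad" is an added,
# freshly enrolled device that has not been tagged yet.
DEVICES = {"iPad 1": {"iPad1"}, "iPad 2": {"iPad2"},
           "iPad 3": {"iPad3"}, "New iPad": set()}
APPS = {
    "Excel": ("with_any", {"iPad1"}),
    "OneNote": ("with_any", {"iPad2"}),
    "PowerPoint": ("with_any", {"iPad3"}),
    "Word": ("with_any", {"iPad1", "iPad3"}),
}

if __name__ == "__main__":
    for name, apps in plan(DEVICES, APPS).items():
        print(f"{name}: {', '.join(apps) or '(nothing)'}")
    # A negative scope matches a device that carries no tags at all.
    print("untagged device in 'without_any iPad1':",
          in_scope(set(), "without_any", {"iPad1"}))
```

With the "with" scopes an untagged device receives nothing, while either "without" scope matches it, so a newly enrolled device picks up anything scoped that way until it is tagged.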

Now for the settings, I used the Meraki managed profile.  This gives you access to the different configuration settings in Apple Configurator with a nice web front end.  With the iPad connected to our Meraki MDM with a cert to get updates when we make changes, we don't really have to sync these iPads with a computer again unless there is a major issue with the iOS device.





From here you can add and remove apps as required, add web clips, and arrange home screen icons, wallpaper etc.  The MDM costs may vary, but for the amount of time saved it is well worth it.



Sunday, July 09, 2017

Windows Update Error code C8000266

I have a few Windows 7 and Windows 2008/2008R2 VMs that occasionally take a while to do Windows updates.  If it does this then the first thing you should do is go to the Microsoft download site (www.microsoft.com/download) and search for KB947821.  Download the correct version for your version of Windows Server and run it.  This is non-trivial in size (about 170M), and repairs issues it finds with the Windows update database.

This may or may not fix your Windows update errors.  The troubleshooter often doesn't work for me for fixing issues with Windows update, but manually stopping and starting the services does fix Windows update for a time.  I tried to follow the procedure in the link below but it fails to rename the software distribution folder.  You can also delete the contents of the software distribution folder if it won't rename.



However, manually stopping and restarting the services does seem to fix Windows update for a time.  To do this follow the steps below.

Stop the BITS, Cryptographic, MSI Installer and the Windows Update Services. Type the following commands in the Command Prompt for this. Press the ENTER key after you type each command.

net stop wuauserv

net stop cryptSvc

net stop bits

net stop msiserver

Restart the BITS, Cryptographic, MSI Installer and the Windows Update Services. Type the following commands in the Command Prompt for this. Press the ENTER key after you type each command.

net start wuauserv

net start cryptSvc

net start bits

net start msiserver


After that Windows update seems to come back for a while.  I am actually using a scheduled task .vbs script found on the MSDN library and am looking into a way of doing it from the Hyper-V host to the clients.  For right now I am doing Windows updates via the vbs script and have it set up as a scheduled task.  It works great; just make sure you have cscript before the file name to execute, otherwise it will fail.

i.e. cscript windowsUpdate.vbs
