My Meraki Journey

One of the things I’ve enjoyed most in the last couple of years in my job has been rolling out and using Cisco Meraki networking equipment across the 29 offices Christian Aid has in the developing world.

The whole experience of learning about the devices and service, designing our implementation, rolling out, and then supporting and using Meraki daily has been fun, which hasn’t been something I’ve found myself saying about other projects I’ve worked on such as SharePoint or Cisco ASAs. Meraki just hasn’t been as challenging, but in a good way – I’ve managed to achieve so much without increasing blood pressure or tearing any hair out on the way. I have had to put my technical knowledge and skills to use for sure, but in a more graceful way that has just been more…pleasant.

In upcoming posts I want to share what I have done with Meraki, because I think that anyone who wants to achieve the same things with their network can do it most easily with Meraki and should consider it.

In posts over the next couple of weeks I’ll be covering the following things:

  • Global VPN
  • Standardised WiFi networks
  • Mobile Device Management
  • Bandwidth Management
  • Sharing networks and internet connections with other organisations and the public

I hope you are interested in coming along with me for some of the journey.


Running Windows Remote Server Admin Tools with a different account

Using a separate admin account is common in the Unix world. At Christian Aid we adopted separate admin accounts for staff in the ICT Services teams to give increased security.

One annoying thing about this is that Windows tools based in MMC don’t easily run as a different user AND with elevated permissions (confusingly referred to as Run as Administrator in the UI). We had been working around this by remoting to a server and then running the tools from there while logged in with an admin account.

That’s a bit of a pain though, right? It would be much better to just run the tools locally as the admin user.  It can be done by editing the shortcut to each item in Administrative Tools like this:

runas.exe /user:DOMAIN\adminuser "cmd /c Start /B app.msc"

Obviously adjust DOMAIN\adminuser as appropriate.

Wrapping the whole “normal” run command in cmd /c is necessary for some applications that require additional flags, and works for those that don’t too.

Here is a list of commands that work on my copy of Windows 7:

  • Administrative Center: runas.exe /user:DOMAIN\adminuser "cmd /c Start /B dsac.exe"
    This requires Run as administrator. If it isn’t ticked, nothing will happen.
  • Domains and Trusts: runas.exe /user:DOMAIN\adminuser "cmd /c Start /B %SystemRoot%\system32\domain.msc"
  • Sites and Services: runas.exe /user:DOMAIN\adminuser "cmd /c Start /B dssite.msc"
  • Users and Computers: runas.exe /user:DOMAIN\adminuser "cmd /c Start /B dsa.msc"
  • DNS: runas.exe /user:DOMAIN\adminuser "cmd /c Start /B dnsmgmt.msc /s"
  • Group Policy Management: runas.exe /user:DOMAIN\adminuser "cmd /c Start /B gpmc.msc"

Use this approach for any application that needs to run as a different user (always the same one), with elevated privileges, or both.

/savecred security hole

Anyone using this can add a /savecred flag to the runas command, which allows storage of credentials.  The first time you use a shortcut like this, you’ll be asked for the user’s password in a command window.  The /savecred flag means the credentials are stored in Windows Credential Manager, so you won’t need to enter them every time.  That’s convenient, but it does mean that if the computer and Windows account are compromised, an attacker is a click away from your admin interfaces!
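One way to check a workstation for this exposure, as an added example that is not part of the original post: the PowerShell below lists shortcuts that call runas with /savecred, then shows what is stored in Credential Manager. The folders it searches are assumptions; adjust them to wherever your shortcuts live.

```powershell
# Added example (not from the original post).
# Assumption: shortcuts live in the per-user or all-users Start Menu, or on the Desktop.

function Test-SaveCredCommand {
    param([string]$TargetPath, [string]$Arguments)
    # True when the shortcut launches runas with the /savecred switch.
    $isRunas = [IO.Path]::GetFileName($TargetPath) -match '^runas(\.exe)?$'
    return ($isRunas -and $Arguments -match '(^|\s)/savecred(\s|$)')
}

function Find-SaveCredShortcut {
    param([string[]]$Path)
    # WScript.Shell can read the target and arguments of an existing .lnk file.
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Path -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if (Test-SaveCredCommand $lnk.TargetPath $lnk.Arguments) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Arguments = $lnk.Arguments
                }
            }
        }
}

$folders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    [Environment]::GetFolderPath('Desktop')
)

# Shortcuts that would cache (or silently reuse) the admin password.
Find-SaveCredShortcut -Path $folders | Format-List

# Credentials saved by /savecred are held in Credential Manager; list them for review.
cmdkey.exe /list
```

Any stored entry for the admin account can be removed with cmdkey /delete:<target>, using the target name shown by cmdkey /list. Removing /savecred from the shortcut brings back the password prompt on each launch.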

Pioneer A4 speaker WiFi tweaks

I have a Pioneer A4 Airplay speaker connected by WiFi to a Technicolor TG582n router. After playing around with configuration settings as described on npr.me.uk I managed to disconnect the A4 speaker from the WiFi network.

So I decided to experiment with different combinations of settings to see if I could find which work.

  • STBC – with this enabled, the connection does work – initially I thought it didn’t but was able to get it working with the A4 next to the router.
  • CDD – with this enabled, the connection does work.  This provides better coverage, so worth using.
  • AMSDU – with this enabled the connection does work.
  • SGI – with this enabled the connection does work.

After systematically turning each setting on one at a time, I found all the settings work after all, so it must have been something else that stopped the connection.  At least I now know.

I don’t think I benefit at all by using any of these settings for listening to music, but in theory they should improve performance for other wifi clients such as laptops and smartphones.  A good discussion of most of the techniques enabled by the functions can be found at Veriwave.

A better view for To-Do list in Outlook 2010

The default To-Do list in Outlook 2010 – the list at the right next to your mail/calendar etc. – shows all flagged messages and all uncompleted tasks.

I make extensive use of the Task feature in Outlook to set myself future reminders to do things, and I don’t need to see those tasks until a week before I need to do them.

I thought I was going to have to get into DASL language to get this functionality, but thankfully the filtering in Outlook 2010 is quite intelligent, and automatically uses OR when you add filters on the same field.

So to get what I want I changed the view for the To-Do list by right clicking on the column header in the To-Do list and selecting View Settings…

Then I clicked on Filter… and switched to the Advanced Tab.

The Date Completed and Flag Completed fields were already set to “does not exist” which is what I want in order to show all tasks that haven’t got any start or due date.

Now I added the following three filters:

  • Start date – in the next 7 days
  • Start date – does not exist
  • Start date – on or before – today

The filter automatically recognises that I want to display all tasks for which any of the above are true.  This is confirmed by looking in the SQL tab at the DASL query:

(
    "http://schemas.microsoft.com/mapi/id/{00062003-0000-0000-C000-000000000046}/810f0040" IS NULL   
          AND 
    "http://schemas.microsoft.com/mapi/proptag/0x10910040" IS NULL 
          AND 
    (
          %next7days("http://schemas.microsoft.com/mapi/id/{00062003-0000-0000-C000-000000000046}/81040040")%
              OR 
          "http://schemas.microsoft.com/mapi/id/{00062003-0000-0000-C000-000000000046}/81040040" IS NULL 
              OR 
          "http://schemas.microsoft.com/mapi/id/{00062003-0000-0000-C000-000000000046}/81040040" <= 'Today'
    )
)

You can copy and paste the above DASL query into the SQL tab to quickly set this view, but you will lose the ability to edit the view through the Advanced tab, so if you want to make any further adjustments do your editing in the Advanced tab.

If you have any suggestions to improve this further, please add a comment below to share.

Elizabeth Dunlop – 1914-2013

Elizabeth Dunlop - 23 December 1914 - 24 October 2013

My Grandma, Elizabeth Dunlop, lived a remarkably long life, during which she wore many hats:

  • Sister to four, many of whom she was effectively mother to after her own passed away;
  • Lingerie saleswoman at Draffen’s, Dundee;
  • Wife to her beloved Alec;
  • Mother to Brian, then the surprise twins Joan and Lucille;
  • Grandmother to Alec, Alison, Tracey, Catriona, and myself;
  • Neighbour and friend to many in Kingoodie and other places she lived;
  • Great-grandmother to 8.

She was always engaged deeply with what was happening in her family, as well as what was going on in the world, with fiercely held opinion on what the politicians were up to, and how to load a fork with a piece of every foodstuff on the plate.

She always held an opinion on everything, but hated to argue for the simple reason that she was always right.

There was always a twinkle in her eye as she passed down wisdom and manners, often preceded by “My Father always said…”

My father always said, no uncooked joints on the table.

There was deep love and affection in her relationships.  My memories of her will always start and end with her waiting at her window at Red Cliffs, overlooking the Tay, to wave hello or goodbye to visitors, with bacon or breaded fish waiting on the grill, everything in its place, ready for whatever might happen.

Farewell Grandma – we’ll all be waving back, long after we have turned the corner and can see you no more.