Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17844
Views
11
Helpful
19
Replies

MDM users needs to log in?

alyssafriesen
Community Member

‎03-26-2019 10:47 AM

I just installed the MDM application on a new machine and enrolled in device management. I can see the device in Systems Manager, but not all of the profile settings are being applied. If see that under "Profiles" there is an error message that says "The MDM user needs to log in to the device for settings to be updated".

I'm not finding any documentation on this and I'm not sure what it wants. I am logged into the machine and Microsoft reports that the sync is working correctly, but settings like WiFi are not propagating out to the device (which is connected via ethernet at the moment).

Labels:
19 Replies 19

MConley
Community Member
In response to Arthur Dent

‎04-21-2023 06:33 AM

The Meraki client service should be running in the background with admin privileges that allow it to make changes even when no user is logged in. Clearly this is possible, as any number of services run when there is no user logged in.

If that's not possible for you to implement, then Meraki MDM is next to useless for Windows devices, and I will recommend to our technology director and administration that we cancel our Meraki contracts as soon as feasible and move to some other MDM.

0 Helpful

Arthur Dent
Cisco Employee
Cisco Employee
In response to MConley

‎04-21-2023 06:37 AM

as per: https://documentation.meraki.com/SM/Device_Enrollment/Systems_Manager_Agent_and_MDM_Profile_Enrollment#Agent_vs_Profile_Features

You'll see that MDM profiles are installed with MDM, not the SM client. We cannot push MDM updates without the enrolled user being logged in. Again, this is a limitation of Microsoft's implementation of MDM

0 Helpful

TomBenoit
Community Member
In response to MConley

‎04-21-2023 06:42 AM

I took the route of packaging updates into executables using NSIS and AutoHotKey for windows devices. It was a bit of a learning curve to start but once you get over that you have infinite flexibility for changes. I have an executable that changes wifi passwords if you are interested. NSIS and Autohotkey are both free to download.

0 Helpful

MConley
Community Member
In response to TomBenoit

‎04-21-2023 07:10 AM

Well, that's certainly an approach, and I can see how it would work. Rather defeats the purpose of bothering with an MDM, of course.

It's not dissimilar to the way I run our macOS fleet, installing apps via Munki even though they're enrolled in Meraki. That's mainly legacy, because I simply haven't bothered to make all the apps available to the Meraki Systems Manager. However, the salient point is that, if I did, I could push apps out to my Macs from Meraki and it would just work — whereas doing the same for Windows clients is effectively impossible.

(Also unlike the Windows clients, having the Macs enrolled in Meraki even though I use Munki for apps still makes sense, since I can push profiles out and make changes to them even if they're just sitting there at the login screen. We simply assumed this would work for Windows as well, and, clearly, we were wrong.)

But thanks for the suggestion.

0 Helpful

MConley
Community Member

‎04-21-2023 06:25 AM

I'm also going to note that 'kudos' is singular, not plural, and does not refer to a countable quality; there is no such word as 'kudo'. In exactly the same way that you do not give someone a 'congratulation', you do not give someone a 'kudo'. But, anyway....

0 Helpful
Customers Also Viewed These Support Documents