/
Prepare a Windows Device for Use Off-Campus

Prepare a Windows Device for Use Off-Campus

Owned by Terrence S Miller
Last updated: May 28, 2024 by Liz Reagan Jones
2 min read

Using a MiWorkspace Windows device off-campus requires a VPN connection for the customer's first Active Directory logon. This article describes how to ensure that Cisco Management Tunnel policies have been applied to the device prior to sending the device to an off-campus customer.

Environment

Windows Platform as a Service

Procedure

  1. The device should be pre-staged in Otto for whatever build is needed for the customer. If the device is a desktop form-factor, be sure to add the EUC-Cisco-Management-Tunnel-Desktops configuration to the device in Otto.

  2. Build the device on campus. Following completion of OSD, ensure that the device restarts a couple of times while connected to a wired ethernet network. It should perform the restarts automatically. This will ensure that the device receives the Cisco Management Tunnel GPO settings which will allow the customer to log on to U-M from off-campus.

  3. Verify that the device has successfully applied the Cisco Management Tunnel settings by logging into the device using an administrator account. After logging in, click on the MiWorkspace Helper App (the M in your taskbar), then Troubleshooting > Cisco Management Tunnel Status. Ensure it shows the following, when on a campus network:

    Additionally, you should see VpnMgmtTunProfile.xml present at C:\ProgramData\Cisco\Cisco Secure Mobility Client\VPN\Profile\MgmtTun\VpnMgmtTunProfile.xml.

  4. Confirm that the device has updated its local administrator (wkst_admin) password in LAPS. Confirming that wkst_admin password has been set since rebuild is important because it's a way for IT staff to help the user fix connectivity problems if the Cisco Management Tunnel fails to work for the customer's first logon.

  5. Following completion of the above steps, the device can be given or shipped to the customer. The customer will need to be instructed to connect their device to a network (wired or Wi-Fi) before first logon. The customer can select a Wi-Fi network on the logon screen (bottom right corner).

 

  File Modified

PNG File CiscoMgmtTunnel_Status-Disconnected-TrustedNetwork.png

Sept 26, 2023 by Sebastian Saladiak

Related content

First Time Login off Campus over Wi-Fi - Windows Devices
First Time Login off Campus over Wi-Fi - Windows Devices
Windows Platform-as-a-Service
More like this
Change your M1/M2 Account Password
Change your M1/M2 Account Password
Windows Platform-as-a-Service
More like this
Izzy Macintosh User: Changing UM Password Best Practices
Izzy Macintosh User: Changing UM Password Best Practices
Izzy Documentation
More like this
Enable Remote Desktop Power Plan
Enable Remote Desktop Power Plan
Windows Platform-as-a-Service
More like this
Provide Admin Rights or Remote Desktop Access
Provide Admin Rights or Remote Desktop Access
Otto
More like this
Technology Components of Windows Platform as a Service
Technology Components of Windows Platform as a Service
Windows Platform-as-a-Service
More like this