I wrote up a quick and dirty Powershell script today that adds a split-tunnel VPN connection, asks the user for connection info, dials the connection, then configures static routes.
# Add-MerakiVPN.ps1
# Creates a split-tunnel VPN connection and adds static routes.
# Tim D'Annecy 2021-09-08
function Add-MerakiVPN {
$ServerAddress = 'blahblahblah.dynamic-m.com' # Change this value to match your Meraki hostname
$ConnectionName = 'Meraki VPN'
$PresharedKey = 'blah' # Change this value
Add-VpnConnection `
-Name $ConnectionName `
-ServerAddress $ServerAddress `
-TunnelType L2tp `
-EncryptionLevel Optional `
-SplitTunneling `
-AllUserConnection `
-L2tpPsk $PresharedKey `
-AuthenticationMethod Pap, MSChapv2 `
-Force
$StaticRoutes = @(
'10.0.13.0/24', # Change these to match your internal subnets
'10.0.12.0/24',
'172.16.0.0/16'
)
try {
rasphone.exe -d $ConnectionName
Start-Sleep -Seconds 30
$StaticRoutes | foreach {
New-NetRoute -DestinationPrefix $_ -InterfaceAlias $ConnectionName
}
}
catch {
Write-Error 'There was an error adding the VPN connection'
exit
}
}
Add-MerakiVPN
This one-liner imports a CSV formatted with at least the header Name and a list of user names. It outputs to a CSV with the SamAccountName and Enabled properties.
I found this post on Reddit and wanted to save the command for my notes.
Running this command in Powershell will give you the PC's currently connected SSID. This is handy for troubleshooting network issues when connected remotely through a PSSession.
If you're using Microsoft Exchange Online, there's no way to currently see when a Mail Contact was created on the web dashboard.
I wanted to know when an address was added as a Mail Contact in one of our tenants, but I also wasn't able to get an audit trail using the Microsoft Compliance center.
As a workaround, this Powershell command will give the basic info for “WhenCreated”.
QNAP recently enabled a maintenance prompt that appears when you connect over SSH. In the current version of the QNAP OS, I'm not able to turn off the prompt via GUI and needed to run a bash command to get it to go away.
I found this command somewhere and it's been working for me:
sed -r -i.bak 's/^(.*admin.*qts-console-mgmt.*)$/#\1/' /etc/profile
Change entry at Computer Configuration > Administrative Templates > System > Specify settings for optional component installation and component repair to “Enabled” and check the box for “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)”
Run gpupdate in Command Prompt.
Open Settings > Apps > Apps & features > Optional features and click “Add a feature”. Search for and install “RSAT: Active Directory Domain Services and Lightweight Directory Services Tools”
Click on “Devices” and select “Configuration profiles”. Click on “Create profile”. Change Platform to “Windows 10 and later” and the Profile type field to “Settings catalog (preview)”. Click the “Create” button.
Give it a basic name and navigate to the “Configuration settings” page.
Click the “Add settings” button. Double click on the “Local Policies Security Options” entry in the Settings picker pane on the right. Check the box for the option “User Account Control Switch To The Secure Desktop When Prompting For Elevation”. Back on the main settings area to the left, change the dropdown to “Disabled” and click the “Next” button.
Enable the policy to all devices (as needed) and then test.
