Windows 10 devices have started to trickle into our production environment and I needed a quick way to apply Windows 10 specific policies to these computers.

By creating a WMI filter that looks for the Windows 10 version number and then linking that query to our Windows 10 group policies, we can ensure that only Windows 10 PCs will get the policies we want.

First we use the command line utility ‘wmic‘ to find out what version of Windows wmi is reporting. (Make note of the version number, quite a jump from previous versions of windows; Windows 7 used 6.1, Windows 8 used 6.2, and Windows 8.1 used 6.3)

After upgrading our Firepower Management Center to 6.0, we noticed that usernames were no longer populating in our dashboards. Instead of showing users, all we could see was “No Authentication Required.”

After opening a support case, TAC pointed me to the following bug: cscux39125 (cisco login required).

To resolve the issue we need to set the active directory domain to our domain’s NetBIOS short name in Firepower’s realm configuration.

To change your realm configuration go to System -> Integration -> Realms

Just got in a new Cisco ISR 4431 and needed to upgrade IOS-XE out of the box. Cisco has been nice enough to include a 1Gb USB flash drive with their new ISRs, making the software upgrade process a cinch. Here are the steps involved to install a new version of IOS-XE via USB drive.

• Download your chosen version of IOS-XE from cisco.com. Keep in mind there are often may different trains and revisions of code available.
  • To help you decide which version of code is right for you, there’s the cisco IOS feature navigator found here.
  • To help differentiate the different designations of code, i.e., MD, ED, GD, take a look here.
  • Typically I opt for a gold star release, which are cisco recommended releases “based on software quality, stability and longevity.”

the downloaded image to your USB drive and insert it into the ISR

I don’t know about you, but self-signed certificates seem to trigger my IT OCD. When possible, I like to replace self-signed certs with one signed by our Active Directory CA. Here are the steps involved to replace the self-signed certificate on Cisco’s FirePOWER Management Center/SourceFire Defense Center with one signed by your internal Active Directory Certificate Authority.

• In Defense Center, go to System -> Configuration -> HTTPS Certificate
• Click “Generate New CSR”

On Windows I love the lightweight and open source TFTPD32, but there may come a time when you find youself needing to transfer some files and all you have is your trusty mac.

Luckily there’s a built in tftp daemon that you can use in a pinch.

By default tftpd uses the following folder:

/private/tftpboot

which is hidden in finder, but can be accessed by using “go to folder” or hitting Command+Shift+G and entering /private/tftpboot