-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter Radius Certificate Distribution By Device Group #532
Comments
I think I have a planned change for you @alister-cf, I agree there's a more efficient way to do this. |
@jworkmanjc I ended up doing an implementation myself which might work for others too! But Ultimately this is just getting a list of mobile devices and the last Jumpclouded person to access it. As for my solution, I added the following line to 83-84 of Generate-UserCerts.ps1 As for the code of this function, I just pull a {Device: User} KV Pair JSON blob from a web server that's automatically generated. |
Looks awesome, much better than doing a query every time. |
@jworkmanjc it's simple but way better for us, The speed improvement by not doing a lot of stuff that doesn't need to be done was significant. it use to take 3 days to generate and distribute the certs before, and generate around 5000 to 7500 machine command's, it now takes 15 minutes and only generates around 25 machine commands. Also means i can now use the rest of the tool for monitoring distribution and failures without having to wait hours and trying to avoid timeouts. we have around 150 machines and 100 users. Also allowed us to continue using groups to assign permissions for groups of devices instead of permissions for individual users per device. |
@alister-cf if you want to chat at all I'm interested in learning more about how you are managing the lifecycle of certs. There are some changes I'd like to make to the tool. I'd like to turn the tool into a proper PowerShell module, something you can schedule through a cron job, there's also planned work to remove the generated commands requirement. If you'd like to chat and show me anything you've done I'm highly motivated to setup a meeting. Let me know if you want to share anything it would be helpful for me to understand how others are using this. |
@jworkmanjc That would be great, happy to have a meeting to discuss how we use it, we have only just started using certificates but will be looking at renews early Jan, it will just be manual for now using the scripts until I get motivated to automate it! |
It would be nice to be able to filter the distribution of certificates to only devices that can actually use them, This would also reduce the amount of commands generated unnecessarily, also the time to distribute!
The text was updated successfully, but these errors were encountered: